
Keep receiving Security Request, Outbound Traffic Detected - Norton Po

Outbound Traffic Detected Norton Power Eraser Security Request

  • This topic is locked

#1
sleepyheads (New Member, 9 posts)

Hi, I keep receiving a "Security Request" Message.  It states that "Outbound Traffic Detected" and asks "Do you want to run Norton Power Eraser?"  Message will not go away...tried running Norton Power Eraser, checking box to not show this message...hitting cancel...nothing keeps this message from reappearing.  Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Bradley (administrator) on FATHERSDAYGIFT on 16-07-2015 10:56:57
Running from C:\Users\Bradley\Downloads
Loaded Profiles: Bradley (Available Profiles: Bradley)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\NAV.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Rational Thought Solutions) C:\ProgramData\BRHCkQgSxr\xuhsepi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\NAV.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Bradley\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Cisco) C:\Users\Bradley\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
() C:\Users\Bradley\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Octoshape ApS) C:\Users\Bradley\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [MapsGalaxy EPM Support] => "C:\PROGRA~2\MAPSGA~1\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 64-bit] => C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [11600 2015-06-08] (Mindspark)
HKLM-x32\...\Run: [MetroHotspot EPM Support] => "C:\PROGRA~2\METROH~1\bar\1.bin\ebmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MetroHotspot AppIntegrator 32-bit] => C:\PROGRA~2\METROH~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [MetroHotspot AppIntegrator 64-bit] => C:\PROGRA~2\METROH~1\bar\1.bin\AppIntegrator64.exe
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-11] (Lavasoft)
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\Run: [BingSvc] => C:\Users\Bradley\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\Run: [PCShowServer] => C:\Users\Bradley\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631520 2015-05-21] (Cisco)
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Bradley\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {cfd3c45d-7b48-42cb-8406-7d2479a6c60f} - C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebSrcAs.dll No File
SearchScopes: HKLM -> {8651C12D-0A87-47F5-AC22-46527D8CC5B4} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {8651C12D-0A87-47F5-AC22-46527D8CC5B4} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> {8651C12D-0A87-47F5-AC22-46527D8CC5B4} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-26] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-26] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~2\MAPSGA~1\bar\1.bin\39bar.dll No File
BHO-x32: Search Assistant BHO -> {31262cad-1eef-42a3-acb5-e61cb31d530c} -> C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebSrcAs.dll No File
BHO-x32: Toolbar BHO -> {45e5803d-afb8-4d58-b0fb-81730a03fa98} -> C:\PROGRA~2\METROH~1\bar\1.bin\ebbar.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-06-08] (Mindspark)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-06-08] (Mindspark)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-06-08] (Mindspark)
Toolbar: HKLM-x32 - MetroHotspot - {4d6b1f44-cb4a-4f1b-9f2c-68f71589a37d} - C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebbar.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-26] (Microsoft Corporation)
Winsock: Catalog9 01 C:\windows\SysWOW64\LavasoftTcpService.dll [342016 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9 02 C:\windows\SysWOW64\LavasoftTcpService.dll [342016 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9 03 C:\windows\SysWOW64\LavasoftTcpService.dll [342016 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9 04 C:\windows\SysWOW64\LavasoftTcpService.dll [342016 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9 16 C:\windows\SysWOW64\LavasoftTcpService.dll [342016 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-06-11] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-06-11] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7AECC379-3B27-478A-930E-757E76499896}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-17] ()
FF Plugin HKU\S-1-5-21-1235946050-1756256705-822490824-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bradley\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-1235946050-1756256705-822490824-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Bradley\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Bradley\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-07-12] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFPlgn [2015-07-15]
 
Chrome: 
=======
CHR Profile: C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-11]
CHR Extension: (YouTube) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-11]
CHR Extension: (Bing) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-07-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-12]
CHR Extension: (Google Search) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-11]
CHR Extension: (Google Sheets) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-11]
CHR Extension: (Norton Safe) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-07-15]
CHR Extension: (Google Wallet) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-07-12]
CHR Extension: (Gmail) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-1235946050-1756256705-822490824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89424 2015-06-08] (Mindspark)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-17] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-11] (Lavasoft Limited)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\NAV.exe [282016 2015-06-17] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-06-11] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 XuHSePi; C:\ProgramData\BRHCkQgSxr\XuHSePi.exe [2731504 2015-06-27] (Rational Thought Solutions)
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~1\bar\1.bin\39barsvc.exe [X]
S2 MetroHotspot_ebService; C:\PROGRA~2\METROH~1\bar\1.bin\ebbarsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2014-01-29] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\IPSDefs\20150715.001\IDSvia64.sys [692984 2015-07-10] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\VirusDefs\20150715.041\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\VirusDefs\20150715.041\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1605000.07C\SymELAM.sys [23568 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 10:56 - 2015-07-16 10:57 - 00027340 _____ C:\Users\Bradley\Downloads\FRST.txt
2015-07-16 10:56 - 2015-07-16 10:56 - 00000000 ____D C:\FRST
2015-07-16 10:55 - 2015-07-16 10:55 - 02133504 _____ (Farbar) C:\Users\Bradley\Downloads\FRST64.exe
2015-07-15 20:41 - 2015-07-15 20:41 - 07726856 _____ (McAfee, Inc.) C:\Users\Bradley\Downloads\McAfeeSetup.exe
2015-07-15 15:28 - 2015-07-15 15:28 - 00000000 ____D C:\Users\Bradley\AppData\Local\CrashDumps
2015-07-14 23:51 - 2015-07-15 20:50 - 00000000 ____D C:\NPE
2015-07-14 23:48 - 2015-07-14 23:48 - 03088296 _____ (Symantec Corporation) C:\Users\Bradley\Downloads\NPE.exe
2015-07-14 22:57 - 2015-07-15 20:52 - 00000000 ____D C:\Users\Bradley\AppData\Local\NPE
2015-07-14 20:12 - 2015-07-14 20:12 - 00001132 _____ C:\Users\Bradley\Desktop\join.me.lnk
2015-07-14 20:12 - 2015-07-14 20:12 - 00001132 _____ C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2015-07-14 20:12 - 2015-07-14 20:12 - 00000000 ____D C:\Users\Bradley\AppData\Local\LogMeIn
2015-07-14 20:12 - 2015-07-14 20:12 - 00000000 ____D C:\ProgramData\LogMeIn
2015-07-14 19:16 - 2015-07-14 20:12 - 00000000 ____D C:\Users\Bradley\AppData\Local\join.me
2015-07-14 19:06 - 2015-07-16 10:05 - 00000604 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1235946050-1756256705-822490824-1001.job
2015-07-14 19:06 - 2015-07-16 09:09 - 00000700 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-1235946050-1756256705-822490824-1001.job
2015-07-14 19:06 - 2015-07-14 19:06 - 00003716 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-1235946050-1756256705-822490824-1001
2015-07-14 19:06 - 2015-07-14 19:06 - 00003620 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1235946050-1756256705-822490824-1001
2015-07-14 19:06 - 2015-07-14 19:06 - 00000000 ____D C:\Users\Bradley\AppData\Local\Citrix
2015-07-14 15:08 - 2015-06-27 23:07 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-14 15:08 - 2015-06-27 23:07 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-14 15:08 - 2015-06-27 23:06 - 01311960 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-14 15:08 - 2015-06-27 23:06 - 00332120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-14 15:08 - 2015-06-27 10:42 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-14 15:08 - 2015-06-26 21:13 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-14 15:08 - 2015-06-26 21:12 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-14 15:08 - 2015-06-26 21:12 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-14 15:08 - 2015-06-26 20:40 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-07-14 15:08 - 2015-06-26 20:05 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-14 15:08 - 2015-06-26 20:00 - 00989184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-14 15:08 - 2015-06-26 19:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-07-14 15:08 - 2015-06-26 19:26 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-14 15:08 - 2015-06-24 20:31 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-14 15:08 - 2015-06-15 16:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-14 15:08 - 2015-06-15 16:24 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-14 15:08 - 2015-06-15 15:16 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-14 15:08 - 2015-06-15 15:09 - 03607552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-14 15:08 - 2015-06-15 14:50 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-14 15:08 - 2015-06-15 13:57 - 02460160 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-14 15:08 - 2015-05-11 12:17 - 01201664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-07-14 15:08 - 2015-05-07 11:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-07-14 15:08 - 2015-05-07 11:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-07-14 15:08 - 2015-05-07 10:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-07-14 15:08 - 2015-05-07 10:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-07-14 15:08 - 2015-05-07 09:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
2015-07-14 15:08 - 2015-05-07 09:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
2015-07-14 15:08 - 2015-05-02 18:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-07-14 15:08 - 2015-04-29 17:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2015-07-14 15:08 - 2015-04-24 20:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-07-14 15:08 - 2014-11-04 13:25 - 00059712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys
2015-07-14 15:08 - 2014-11-04 13:25 - 00051008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys
2015-07-14 15:08 - 2014-11-04 00:55 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys
2015-07-14 15:08 - 2014-11-04 00:54 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys
2015-07-14 15:08 - 2014-11-04 00:54 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys
2015-07-14 15:08 - 2014-11-04 00:54 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2015-07-14 15:07 - 2015-07-09 13:51 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-14 15:07 - 2015-07-09 12:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-14 15:07 - 2015-07-09 10:03 - 03701760 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-14 15:07 - 2015-07-09 09:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-14 15:07 - 2015-07-09 09:53 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-14 15:07 - 2015-07-09 09:50 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-07-14 15:07 - 2015-07-09 09:50 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-14 15:07 - 2015-07-09 09:48 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-14 15:07 - 2015-07-09 09:46 - 02229248 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-14 15:07 - 2015-07-09 09:38 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-14 15:07 - 2015-07-09 09:37 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-14 15:07 - 2015-07-09 09:35 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-14 15:07 - 2015-07-09 09:34 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-14 15:07 - 2015-07-03 07:52 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-14 15:07 - 2015-07-03 07:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-14 15:07 - 2015-07-03 07:50 - 00301056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-14 15:07 - 2015-07-03 07:50 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-14 15:07 - 2015-06-26 21:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-14 15:07 - 2015-06-26 21:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-14 15:07 - 2015-06-26 20:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-14 15:07 - 2015-06-15 16:39 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-14 15:07 - 2015-06-15 16:38 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-14 15:07 - 2015-06-15 16:26 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-14 15:07 - 2015-06-15 16:24 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-14 15:07 - 2015-06-15 16:02 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-07-14 15:07 - 2015-06-15 15:58 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-14 15:07 - 2015-06-15 15:57 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-14 15:07 - 2015-06-15 15:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-07-14 15:07 - 2015-06-15 15:55 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-14 15:07 - 2015-06-15 15:49 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-07-14 15:07 - 2015-06-15 15:41 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-07-14 15:07 - 2015-06-15 15:38 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-14 15:07 - 2015-06-15 15:36 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-14 15:07 - 2015-06-15 15:17 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-07-14 15:07 - 2015-06-15 15:16 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-14 15:07 - 2015-06-15 15:15 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-14 15:07 - 2015-06-15 15:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-14 15:07 - 2015-06-15 15:04 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-14 15:07 - 2015-06-15 15:03 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-14 15:07 - 2015-06-15 14:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-14 15:07 - 2015-06-15 14:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-07-14 15:07 - 2015-06-15 14:44 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-14 15:07 - 2015-06-15 14:43 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-14 15:07 - 2015-06-15 14:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-07-14 15:07 - 2015-06-15 14:41 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-14 15:07 - 2015-06-15 14:37 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-07-14 15:07 - 2015-06-15 14:32 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-07-14 15:07 - 2015-06-15 14:31 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-14 15:07 - 2015-06-15 14:30 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-14 15:07 - 2015-06-15 14:30 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-14 15:07 - 2015-06-15 14:17 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-07-14 15:07 - 2015-06-15 14:07 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-14 15:07 - 2015-06-15 14:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-14 15:07 - 2015-05-30 15:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-07-14 15:07 - 2015-05-30 13:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-07-14 15:07 - 2015-05-30 13:35 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-07-14 15:06 - 2015-06-29 16:43 - 00026288 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-14 15:06 - 2015-06-29 09:07 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-14 15:06 - 2015-06-29 09:07 - 01084928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-14 15:06 - 2015-06-29 09:07 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-14 15:06 - 2015-06-29 09:07 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-14 15:06 - 2015-06-29 09:07 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-14 15:06 - 2015-06-26 17:21 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-14 15:06 - 2015-06-26 17:21 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-14 15:06 - 2015-06-15 23:36 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-14 15:06 - 2015-06-15 23:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-14 15:06 - 2015-06-10 21:49 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-14 15:06 - 2015-06-10 10:13 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-14 15:06 - 2015-05-12 07:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-07-14 15:06 - 2015-05-11 10:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
2015-07-14 15:06 - 2015-05-07 10:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-07-14 15:06 - 2015-05-03 09:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 15:06 - 2015-05-03 08:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 15:06 - 2015-05-03 08:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-07-14 15:06 - 2015-05-03 08:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-07-14 15:06 - 2015-05-01 17:33 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-07-14 15:06 - 2015-04-28 07:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
2015-07-14 15:06 - 2015-04-28 07:13 - 00513480 _____ C:\windows\system32\locale.nls
2015-07-14 15:06 - 2015-04-23 09:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-07-14 15:05 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-14 15:05 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-14 15:05 - 2015-07-02 14:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-14 15:05 - 2015-07-02 14:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-14 15:05 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-14 15:05 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-14 15:05 - 2015-07-02 13:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-14 15:05 - 2015-07-02 12:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-14 15:05 - 2015-07-01 16:08 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-14 15:05 - 2015-07-01 15:14 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-14 15:05 - 2015-05-03 09:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2015-07-14 15:05 - 2015-05-03 08:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 15:05 - 2015-04-23 09:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-07-14 11:53 - 2015-07-14 11:53 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-14 11:53 - 2015-07-14 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-14 11:53 - 2015-07-14 11:53 - 00000000 ____D C:\Program Files\iTunes
2015-07-14 11:53 - 2015-07-14 11:53 - 00000000 ____D C:\Program Files\iPod
2015-07-14 11:53 - 2015-07-14 11:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-13 12:05 - 2015-07-13 12:05 - 00023745 _____ C:\Users\Bradley\Downloads\usaa_quicken (10).qfx
2015-07-12 23:48 - 2015-07-12 23:48 - 00023745 _____ C:\Users\Bradley\Downloads\usaa_quicken (9).qfx
2015-07-12 10:30 - 2015-07-12 10:30 - 14994072 _____ (DIRECTV) C:\Users\Bradley\Downloads\DIRECTV_Player_12.1.exe
2015-07-12 10:30 - 2015-07-12 10:30 - 00000000 ____D C:\Users\Bradley\AppData\Roaming\Octoshape
2015-07-12 10:30 - 2015-07-12 10:30 - 00000000 ____D C:\Users\Bradley\AppData\Roaming\Mozilla
2015-07-12 10:30 - 2015-07-12 10:30 - 00000000 ____D C:\Users\Bradley\AppData\Local\Octoshape
2015-07-12 10:30 - 2015-07-12 10:30 - 00000000 ____D C:\Users\Bradley\AppData\Local\DIRECTV Player
2015-07-11 15:10 - 2015-07-11 15:10 - 00000000 ____D C:\windows\System32\Tasks\Norton AntiVirus
2015-07-11 15:04 - 2015-07-11 15:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2015-07-11 14:34 - 2015-07-11 14:34 - 00000000 ____D C:\Users\Bradley\Tracing
2015-07-11 14:11 - 2015-07-16 10:51 - 00000000 ____D C:\Users\Bradley\AppData\Roaming\Skype
2015-07-11 14:11 - 2015-07-11 14:11 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-11 14:11 - 2015-07-11 14:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-11 14:11 - 2015-07-11 14:11 - 00000000 ____D C:\Users\Bradley\AppData\Local\Skype
2015-07-11 14:11 - 2015-07-11 14:11 - 00000000 ____D C:\ProgramData\Skype
2015-07-11 14:11 - 2015-07-11 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-11 14:09 - 2015-07-11 14:10 - 40440448 _____ (Skype Technologies S.A.) C:\Users\Bradley\Downloads\SkypeSetupFull.exe
2015-07-08 23:41 - 2015-07-08 23:41 - 00026470 _____ C:\Users\Bradley\Downloads\usaa_quicken (8).qfx
2015-07-06 11:14 - 2015-07-06 11:14 - 00025095 _____ C:\Users\Bradley\Downloads\usaa_quicken (7).qfx
2015-07-02 23:47 - 2015-07-02 23:47 - 00000000 ____D C:\CouponAlert
2015-07-02 23:45 - 2015-07-02 23:45 - 00026698 _____ C:\Users\Bradley\Downloads\usaa_quicken (6).qfx
2015-07-01 14:11 - 2015-07-01 14:11 - 00026848 _____ C:\Users\Bradley\Downloads\usaa_quicken (5).qfx
2015-07-01 14:09 - 2015-07-01 14:09 - 00000083 _____ C:\Users\Bradley\Downloads\dl 89372_0003434080-S0120150701.qif
2015-06-29 13:22 - 2015-06-29 13:22 - 00004895 _____ C:\Users\Bradley\Downloads\June2015_3550.qfx
2015-06-29 13:21 - 2015-06-29 13:21 - 00012775 _____ C:\Users\Bradley\Downloads\June2015_8159.qfx
2015-06-29 13:19 - 2015-06-29 13:19 - 00001295 _____ C:\Users\Bradley\Downloads\stmt.qfx
2015-06-29 13:13 - 2015-06-29 13:13 - 00018648 _____ C:\Users\Bradley\Downloads\70023277_06292015.qfx
2015-06-29 13:07 - 2015-06-29 13:07 - 00001695 _____ C:\Users\Bradley\Downloads\transactions (1).qfx
2015-06-29 13:06 - 2015-06-29 13:06 - 00002783 _____ C:\Users\Bradley\Downloads\transactions.qfx
2015-06-29 13:01 - 2015-06-29 13:01 - 00026344 _____ C:\Users\Bradley\Downloads\usaa_quicken (4).qfx
2015-06-25 13:38 - 2015-06-25 13:38 - 00000000 ____D C:\Users\Bradley\AppData\Local\Wild Tangent
2015-06-25 13:36 - 2015-06-25 13:36 - 00000000 ____D C:\ProgramData\BlueStacks
2015-06-25 13:35 - 2015-06-25 13:36 - 00000000 ____D C:\Users\Bradley\AppData\Roaming\WildTangent
2015-06-25 13:29 - 2015-06-25 13:29 - 00018504 _____ C:\Users\Bradley\Downloads\70023277_06252015.qfx
2015-06-24 16:00 - 2015-07-08 23:43 - 04124672 _____ C:\Users\Bradley\Desktop\Bradley's Quicken Data.QDF-backup
2015-06-24 15:20 - 2015-06-24 15:20 - 00029232 _____ C:\Users\Bradley\Downloads\usaa_quicken (3).qfx
2015-06-24 01:03 - 2015-06-24 01:03 - 00409656 _____ C:\Users\Bradley\Downloads\photo (5).htm
2015-06-24 00:48 - 2015-06-24 00:48 - 00035888 _____ C:\Users\Bradley\Downloads\SAM.htm
2015-06-24 00:45 - 2015-06-24 00:45 - 00365830 _____ C:\Users\Bradley\Downloads\photo (4).htm
2015-06-24 00:43 - 2015-06-24 00:43 - 00367742 _____ C:\Users\Bradley\Downloads\photo (3).htm
2015-06-24 00:40 - 2015-06-24 00:40 - 00383392 _____ C:\Users\Bradley\Downloads\photo.htm
2015-06-24 00:40 - 2015-06-24 00:40 - 00376014 _____ C:\Users\Bradley\Downloads\photo (2).htm
2015-06-24 00:40 - 2015-06-24 00:40 - 00369794 _____ C:\Users\Bradley\Downloads\photo (1).htm
2015-06-24 00:39 - 2015-06-24 00:39 - 00378061 _____ C:\Users\Bradley\Downloads\Grand pa  and grandkids old truck.htm
2015-06-24 00:37 - 2015-06-24 00:37 - 00379394 _____ C:\Users\Bradley\Downloads\photo NAOM[.htm
2015-06-24 00:36 - 2015-06-24 00:36 - 00374419 _____ C:\Users\Bradley\Downloads\Braxton.htm
2015-06-21 16:44 - 2015-06-21 16:44 - 00029525 _____ C:\Users\Bradley\Downloads\usaa_quicken (2).qfx
2015-06-21 13:37 - 2015-06-21 23:19 - 00000000 ____D C:\windows\System32\Tasks\Norton Identity Safe
2015-06-21 09:38 - 2015-06-21 09:38 - 00000000 ____D C:\Users\Bradley\Documents\Symantec
2015-06-21 09:36 - 2015-07-11 15:04 - 00003220 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-06-21 09:36 - 2015-07-11 15:04 - 00002353 _____ C:\Users\Public\Desktop\Norton AntiVirus.LNK
2015-06-21 09:36 - 2015-07-11 15:04 - 00000000 ____D C:\windows\system32\Drivers\NAVx64
2015-06-21 09:36 - 2015-07-11 13:50 - 00102616 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-06-21 09:36 - 2015-07-11 13:50 - 00008166 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-06-21 09:36 - 2015-07-11 13:50 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-21 09:36 - 2015-06-21 09:36 - 00000000 ____D C:\Program Files (x86)\Norton AntiVirus
2015-06-21 09:35 - 2015-03-03 07:17 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-06-21 09:31 - 2015-07-11 15:04 - 00000000 ____D C:\ProgramData\Norton
2015-06-21 09:31 - 2015-07-11 13:49 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-21 09:31 - 2015-06-21 09:31 - 01021888 _____ (Symantec Corporation) C:\Users\Bradley\Downloads\NortonNAVDownloader.exe
2015-06-21 09:31 - 2015-06-21 09:31 - 00001323 _____ C:\Users\Bradley\Desktop\Norton Installation Files.lnk
2015-06-19 20:41 - 2015-06-19 20:41 - 00006862 _____ C:\Users\Bradley\Downloads\usaa_quicken (1).qfx
2015-06-19 20:41 - 2015-06-19 20:41 - 00000000 ____D C:\Users\Bradley\AppData\Local\QuickenWindow
2015-06-19 20:38 - 2015-06-19 20:38 - 00029685 _____ C:\Users\Bradley\Downloads\usaa_quicken.qfx
2015-06-19 18:32 - 2015-07-02 14:01 - 00067584 ___SH C:\Users\Bradley\Desktop\Thumbs.db
2015-06-17 23:44 - 2015-06-17 23:44 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 10:48 - 2015-06-09 16:53 - 00003958 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F49F3D4F-5138-4B0F-AE9F-A74CA1875FFF}
2015-07-16 10:20 - 2015-06-09 16:43 - 01187519 _____ C:\windows\WindowsUpdate.log
2015-07-16 10:18 - 2015-06-11 23:02 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 10:00 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\sru
2015-07-16 09:31 - 2015-06-11 23:05 - 00000000 ____D C:\ProgramData\BRHCkQgSxr
2015-07-16 09:20 - 2015-06-09 17:11 - 00000000 ____D C:\Users\Bradley\AppData\Roaming\.minecraft
2015-07-16 05:29 - 2013-08-22 09:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-16 04:27 - 2013-08-22 09:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-16 02:51 - 2015-06-11 00:08 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-16 02:51 - 2015-06-11 00:08 - 00000000 ___SD C:\windows\system32\GWX
2015-07-16 01:00 - 2015-06-10 23:47 - 00005006 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for FATHERSDAYGIFT-Bradley FathersDayGift
2015-07-15 21:18 - 2015-06-13 01:31 - 00000000 ____D C:\ProgramData\Radio
2015-07-15 20:54 - 2014-03-18 03:53 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-15 20:51 - 2015-06-11 23:02 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 20:51 - 2015-06-09 16:51 - 00000000 ____D C:\Users\Bradley\OneDrive
2015-07-15 20:49 - 2015-06-10 11:26 - 00000370 _____ C:\windows\Tasks\HPCeeScheduleForBradley.job
2015-07-15 20:49 - 2013-08-22 08:46 - 00023384 _____ C:\windows\setupact.log
2015-07-15 20:49 - 2013-08-22 08:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-15 20:49 - 2013-08-22 08:44 - 00494928 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-15 20:48 - 2015-03-10 20:04 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-15 20:48 - 2013-08-22 07:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-15 20:47 - 2013-08-22 09:36 - 00000000 ___RD C:\windows\ToastData
2015-07-15 20:47 - 2013-08-22 09:36 - 00000000 ____D C:\windows\WinStore
2015-07-15 20:43 - 2015-03-10 20:04 - 00000000 ____D C:\ProgramData\McAfee
2015-07-15 17:30 - 2015-06-12 17:30 - 00000370 _____ C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Bradley).job
2015-07-15 15:13 - 2015-06-11 23:02 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 15:13 - 2015-06-11 23:02 - 00003672 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 11:41 - 2015-06-10 11:26 - 00003188 _____ C:\windows\System32\Tasks\HPCeeScheduleForBradley
2015-07-15 11:41 - 2015-06-10 11:26 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-07-15 00:22 - 2015-06-11 00:09 - 00000000 ____D C:\windows\system32\appraiser
2015-07-15 00:22 - 2015-06-11 00:08 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-15 00:22 - 2015-06-10 21:24 - 00000000 ____D C:\windows\system32\MRT
2015-07-15 00:19 - 2015-06-09 16:54 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1235946050-1756256705-822490824-1001
2015-07-14 23:59 - 2015-06-09 16:46 - 00000000 ____D C:\Users\Bradley
2015-07-14 12:13 - 2015-06-12 12:43 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 11:53 - 2015-06-13 18:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-13 19:56 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\NDF
2015-07-12 08:31 - 2014-03-18 03:44 - 00103974 _____ C:\windows\PFRO.log
2015-07-12 08:31 - 2013-08-22 09:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-07-11 20:06 - 2013-08-22 07:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-08 10:30 - 2015-06-11 23:10 - 00003452 _____ C:\windows\System32\Tasks\Uvrinsenlaaif
2015-07-08 10:30 - 2015-06-11 23:10 - 00000000 ____D C:\ProgramData\Uvrinsenlaaif
2015-07-06 15:24 - 2015-06-11 00:13 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 15:24 - 2015-06-11 00:13 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-04 18:23 - 2015-06-13 18:16 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-03 08:43 - 2015-06-10 21:24 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-07-02 23:39 - 2015-06-10 13:51 - 00172544 ___SH C:\Users\Bradley\Downloads\Thumbs.db
2015-07-01 15:14 - 2015-06-10 23:46 - 00000000 ____D C:\Program Files (x86)\Quicken
2015-06-26 03:20 - 2015-06-10 23:42 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 13:38 - 2015-03-10 19:57 - 00000000 ____D C:\ProgramData\WildTangent
2015-06-25 13:36 - 2015-03-10 19:57 - 00002463 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2015-06-25 13:36 - 2015-03-10 19:57 - 00002447 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2015-06-25 13:36 - 2015-03-10 19:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-25 13:36 - 2015-03-10 19:57 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-06-22 01:38 - 2015-06-12 07:10 - 00000000 ____D C:\ProgramData\Browser
2015-06-21 09:35 - 2015-03-10 19:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-06-19 20:42 - 2015-06-11 22:41 - 00000000 ____D C:\Users\Bradley\Documents\Quicken
2015-06-17 23:44 - 2015-06-13 18:17 - 00000000 ____D C:\Users\Bradley\AppData\Roaming\Apple Computer
 
Some files in TEMP:
====================
C:\Users\Bradley\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Bradley\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Bradley\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Bradley\AppData\Local\Temp\SetupO365HomePremRetail.x86.en-US_O365HomePremRetail_QJYNJ-4BRKM-FPMTC-3G97M-FF98R_act_1_.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-08 04:30
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Bradley at 2015-07-16 10:57:21
Running from C:\Users\Bradley\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1235946050-1756256705-822490824-500 - Administrator - Disabled)
Bradley (S-1-5-21-1235946050-1756256705-822490824-1001 - Administrator - Enabled) => C:\Users\Bradley
Guest (S-1-5-21-1235946050-1756256705-822490824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1235946050-1756256705-822490824-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton AntiVirus (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9130 - Broadcom Corporation)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.2.5214 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DIRECTV Player (HKLM-x32\...\{d5698223-16c2-4651-a518-092994329493}) (Version: 12.1 - DIRECTV)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
FromDocToPDF Internet Explorer Toolbar  (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Infinite HD™ App (HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
join.me (HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\JoinMe) (Version: 2.1.2.830 - LogMeIn, Inc.)
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
MapsGalaxy Internet Explorer Toolbar  (HKLM-x32\...\MapsGalaxy_39bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
MetroHotspot Internet Explorer Toolbar (HKLM-x32\...\MetroHotspot_ebbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 22.5.0.124 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Web Companion (HKLM-x32\...\{189bacee-d57d-4160-83b1-26c86f9f7fff}) (Version: 2.0.1025.2130 - Lavasoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1235946050-1756256705-822490824-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bradley\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1235946050-1756256705-822490824-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bradley\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
29-06-2015 23:48:25 Removed SlimCleaner Plus
07-07-2015 04:33:25 Scheduled Checkpoint
14-07-2015 05:56:12 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1C65D131-042C-4D1A-8A45-ADD3AA122C6F} - System32\Tasks\Uvrinsenlaaif => C:\ProgramData\Uvrinsenlaaif\1.0.4.1\vugeooea.exe
Task: {3D316080-DC85-4795-9695-17221E1F92A1} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {48337243-8B76-4A5F-B370-308C923FD2B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {485DA70B-1F66-4D55-B1D8-F00D9B2A4ED3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-26] (Microsoft Corporation)
Task: {51494991-FC81-4BE2-97D0-683501C7901F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {530F0473-FC94-4E13-A807-FA1B93994133} - System32\Tasks\watchHealth => C:\ProgramData\CouponAlert\watcher\watcher.exe
Task: {557E84D8-8734-4E39-9ED4-DB227EEC46EA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {558E82AF-3E4A-48A2-8CBC-0AD731675EF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {634F981A-E0A9-4C24-AE75-80F3E79874F2} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {74C9B19A-EAA7-488B-B78E-C9F967B1B09D} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {84758A73-52A8-4797-B1F0-4374C281785E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {8F05AC75-8155-421C-B6A1-22FA521AA9E8} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {A1A93410-716A-4FB2-9C60-0B50959EAB55} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1235946050-1756256705-822490824-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {BEAE0AAD-85BA-4FA1-A66B-815662E90FFC} - System32\Tasks\HPCeeScheduleForBradley => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C1244F87-3E17-466C-8206-0F6FF2D0BBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {C76DC5BF-C0FD-48BF-B14C-F5B6218F917D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CE16404C-3738-46C8-BA5B-7E2A13354261} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1A2B8DF-DFA5-4A86-B2BE-45F180A3C756} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {D37C0678-2C7A-4687-A985-13C102491C3F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1235946050-1756256705-822490824-1001 => C:\Users\Bradley\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-07-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D9BA8675-8E30-4D07-8B59-8C9EDD5AA731} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Bradley) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {EA88FBE2-BCBB-4B88-AD1C-8D5BB8627D9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {EAA20DBB-4D86-49F4-A7BA-91C3A60F036E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for FATHERSDAYGIFT-Bradley FathersDayGift => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation)
Task: {EE27F52B-ACF4-4623-BDD6-AC05497FDE96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {F189D80F-0036-4ADE-9720-987009F8C7FC} - System32\Tasks\G2MUploadTask-S-1-5-21-1235946050-1756256705-822490824-1001 => C:\Users\Bradley\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-07-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F2566CB4-B894-43B5-B342-453FD4D4D3C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1235946050-1756256705-822490824-1001.job => C:\Users\Bradley\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-1235946050-1756256705-822490824-1001.job => C:\Users\Bradley\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForBradley.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Bradley).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 14:31 - 2014-03-28 14:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-10 23:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 19:52 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-06-26 03:18 - 2015-06-26 03:18 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-05-21 19:09 - 2015-05-21 19:09 - 01383192 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2015-06-11 23:02 - 2015-06-11 23:02 - 00072192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-06-11 23:02 - 2015-06-11 23:02 - 00178176 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-06-11 23:02 - 2015-06-11 23:02 - 00040448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-06-11 23:02 - 2015-06-11 23:02 - 00026624 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-06-11 23:02 - 2015-06-11 23:02 - 00009216 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-06-11 23:02 - 2015-06-11 23:02 - 00117248 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-06-11 23:02 - 2015-06-11 23:02 - 00032768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 11422992 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\PCShowServer.dll
2015-05-21 19:10 - 2015-05-21 19:10 - 00339216 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\ndsLogStore.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 03300112 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\DrmSingleton.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 02099992 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 08345872 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\gsttspplugin.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 00688920 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2015-05-21 19:10 - 2015-05-21 19:10 - 01403144 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\libxml2-2.dll
2015-05-21 19:10 - 2015-05-21 19:10 - 00091896 _____ () C:\Users\Bradley\AppData\Local\DIRECTV Player\z.dll
2015-03-10 19:48 - 2014-03-31 03:56 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-26 03:18 - 2015-06-26 03:18 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-07-14 12:13 - 2015-07-13 15:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 12:13 - 2015-07-13 15:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 12:13 - 2015-07-13 15:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Bradley\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1235946050-1756256705-822490824-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DD01EBDC-4493-4814-92B2-07A0503733BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{8E81ADB0-1064-412C-B8F6-AF7E485E8E4D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{257C5CF0-D417-4BC7-B74F-11198033A7E2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{2BB65CA4-F2C5-4A23-9724-703DFD4B934D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F965BED9-1B3C-45E8-BF07-6E1D41AEE3C1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{B6A5B2EC-2BE9-41CD-963B-BD4C7EA7691C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{CBE9ADC4-4836-4911-94FC-4A3A4FDE585C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2871A5E4-1999-4A84-AE2F-EF156D84B00B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0919F5DD-68FE-4068-9FEE-9BC22C91CFDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FDAA6E7-4534-47EE-98B3-6B703FDF2F66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8145ED52-D003-47D8-A7EC-CB60B6335967}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93548883-AF4A-43F0-BE9B-75F59E7373DE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8818EC49-AAD4-4DD6-8E21-414FB7F5FD77}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4ABA20E7-2BE7-4EF6-A54F-50053BFEB5A2}] => (Allow) C:\Users\Bradley\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{94E86CDE-45A0-40AB-A0B4-13F0DE5761E1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0FFE2936-648C-4B67-BF6D-C491D6A7CC2E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{1F8F9EE7-427A-4B3F-BE60-09DCE76DE578}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6CB9E3C0-BB84-423B-B8DF-CA36D3C576BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{306E9D3F-BA16-4138-9D4A-55A118FC9878}C:\users\bradley\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\bradley\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{94806B51-968E-4A91-9BEC-4ADC23A62847}C:\users\bradley\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\bradley\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{D8495553-7734-4308-9999-0012675FF35E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9D4E4EEA-FA57-49F7-8EF3-69CCEC0AF210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6DD8B6CD-AE66-4B0B-8178-AAB086FD2B49}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2015 03:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: Flash.ocx, version: 18.0.0.203, time stamp: 0x55971b05
Exception code: 0xc0000005
Fault offset: 0x0034624b
Faulting process id: 0x272c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/15/2015 03:52:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x8007000e
Fault offset: 0x00014598
Faulting process id: 0x29bc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/15/2015 03:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: MSHTML.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0053e8f0
Faulting process id: 0x2354
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/15/2015 03:29:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: Flash.ocx, version: 18.0.0.203, time stamp: 0x55971b05
Exception code: 0xc0000005
Fault offset: 0x0034624b
Faulting process id: 0x2830
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/15/2015 03:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OPBHOBrokerDsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x000000000003a042
Faulting process id: 0x1870
Faulting application start time: 0xOPBHOBrokerDsktop.exe0
Faulting application path: OPBHOBrokerDsktop.exe1
Faulting module path: OPBHOBrokerDsktop.exe2
Report Id: OPBHOBrokerDsktop.exe3
Faulting package full name: OPBHOBrokerDsktop.exe4
Faulting package-relative application ID: OPBHOBrokerDsktop.exe5
 
Error: (07/15/2015 03:27:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: Flash.ocx, version: 18.0.0.203, time stamp: 0x55971b05
Exception code: 0xc0000005
Fault offset: 0x0034624b
Faulting process id: 0xa94
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (07/15/2015 08:57:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (07/14/2015 05:55:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (07/13/2015 10:26:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15ec
 
Start Time: 01d0bd7e47ba27ed
 
Termination Time: 34
 
Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
 
Report Id: f60b9e7f-297b-11e5-8268-7429aff1e510
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/13/2015 02:36:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
 
System errors:
=============
Error: (07/16/2015 10:57:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:56:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:55:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:54:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:53:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:52:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:51:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:50:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:49:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/16/2015 10:48:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (07/15/2015 03:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbFlash.ocx18.0.0.20355971b05c00000050034624b272c01d0bf4892ccfe28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxfd3a4cc4-2b3b-11e5-826a-7429aff1e510
 
Error: (07/15/2015 03:52:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbKERNELBASE.dll6.3.9600.1741554504ade8007000e0001459829bc01d0bf473322137cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNELBASE.dllbf64a3b6-2b3b-11e5-826a-7429aff1e510
 
Error: (07/15/2015 03:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.178425565cf99c00000050053e8f0235401d0bf46d471a36cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dll6db60b34-2b3a-11e5-826a-7429aff1e510
 
Error: (07/15/2015 03:29:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbFlash.ocx18.0.0.20355971b05c00000050034624b283001d0bf452f64c3e5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxa48e1239-2b38-11e5-826a-7429aff1e510
 
Error: (07/15/2015 03:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OPBHOBrokerDsktop.exe8.0.1.115335c3d5combase.dll6.3.9600.17415545044f9c0000005000000000003a042187001d0bec3e360391aC:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exeC:\windows\SYSTEM32\combase.dll700f98c6-2b38-11e5-826a-7429aff1e510
 
Error: (07/15/2015 03:27:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbFlash.ocx18.0.0.20355971b05c00000050034624ba9401d0bf4483b4413cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx46661fba-2b38-11e5-826a-7429aff1e510
 
Error: (07/15/2015 08:57:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (07/14/2015 05:55:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (07/13/2015 10:26:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.25.1815ec01d0bd7e47ba27ed34C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exef60b9e7f-297b-11e5-8268-7429aff1e510
 
Error: (07/13/2015 02:36:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 12193.04 MB
Available physical RAM: 7715.6 MB
Total Virtual: 14049.04 MB
Available Virtual: 8928.51 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1844.82 GB) (Free:1783.79 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:16.71 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A10B3609)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 

  • 0


#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine; each fix is tailor-made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:

Hi, I'm currently analyzing your logs and working on a fix. However, I cannot find any information on the file below.
 

C:\ProgramData\Uvrinsenlaaif\1.0.4.1\vugeooea.exe


Do you recognize this file and the program? If so, please let me know. If not, let's let VirusTotal have a go at it and see if it's malicious.


Step 1: Scan file at VirusTotal
  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\ProgramData\Uvrinsenlaaif\1.0.4.1\vugeooea.exe

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please post the report in your next reply.

  • 0

#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
User returned.
  • 0

#5
sleepyheads

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I do not recognize the file or program.  I've tried running VirusTotal but I can't find the file to scan it.


  • 0

#6
sleepyheads

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I was able to find it and scan it...how do I post the report?


  • 0

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I was able to find it and scan it...how do I post the report?


Hello :)

Copy the address after it finishes scanning in your address bar and post it in a reply to this thread. :thumbsup:
  • 0

#8
sleepyheads

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

https://www.virustot...sis/1437371994/


  • 0

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, thank you. It's showing as clean, so we'll leave it where it's at. Let's get started cleaning! :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • FromDocToPDF Internet Explorer Toolbar
  • MapsGalaxy Internet Explorer Toolbar
  • MetroHotspot Internet Explorer Toolbar
Step 2: Fix with FRST

Important: Before performing this step, please move FRST64.exe from C:\Users\Bradley\Downloads to the Desktop or the fix will not work. All tools must be run from the Desktop.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
C:\Program Files (x86)\FromDocToPDF_65
(Rational Thought Solutions) C:\ProgramData\BRHCkQgSxr\xuhsepi.exe
C:\ProgramData\BRHCkQgSxr
HKLM-x32\...\Run: [MapsGalaxy EPM Support] => "C:\PROGRA~2\MAPSGA~1\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 64-bit] => C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [11600 2015-06-08] (Mindspark)
C:\PROGRA~2\MAPSGA~1
HKLM-x32\...\Run: [MetroHotspot EPM Support] => "C:\PROGRA~2\METROH~1\bar\1.bin\ebmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MetroHotspot AppIntegrator 32-bit] => C:\PROGRA~2\METROH~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [MetroHotspot AppIntegrator 64-bit] => C:\PROGRA~2\METROH~1\bar\1.bin\AppIntegrator64.exe
C:\PROGRA~2\METROH~1
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {cfd3c45d-7b48-42cb-8406-7d2479a6c60f} - C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebSrcAs.dll No File
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~2\MAPSGA~1\bar\1.bin\39bar.dll No File
BHO-x32: Search Assistant BHO -> {31262cad-1eef-42a3-acb5-e61cb31d530c} -> C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebSrcAs.dll No File
BHO-x32: Toolbar BHO -> {45e5803d-afb8-4d58-b0fb-81730a03fa98} -> C:\PROGRA~2\METROH~1\bar\1.bin\ebbar.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-06-08] (Mindspark)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-06-08] (Mindspark)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-06-08] (Mindspark)
Toolbar: HKLM-x32 - MetroHotspot - {4d6b1f44-cb4a-4f1b-9f2c-68f71589a37d} - C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebbar.dll No File
Toolbar: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89424 2015-06-08] (Mindspark)
R2 XuHSePi; C:\ProgramData\BRHCkQgSxr\XuHSePi.exe [2731504 2015-06-27] (Rational Thought Solutions)
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~1\bar\1.bin\39barsvc.exe [X]
S2 MetroHotspot_ebService; C:\PROGRA~2\METROH~1\bar\1.bin\ebbarsvc.exe [X]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

  • 0

#10
sleepyheads

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Bradley at 2015-07-21 11:03:00 Run:1
Running from C:\Users\Bradley\Desktop
Loaded Profiles: Bradley (Available Profiles: Bradley)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
C:\Program Files (x86)\FromDocToPDF_65
(Rational Thought Solutions) C:\ProgramData\BRHCkQgSxr\xuhsepi.exe
C:\ProgramData\BRHCkQgSxr
HKLM-x32\...\Run: [MapsGalaxy EPM Support] => "C:\PROGRA~2\MAPSGA~1\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 64-bit] => C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [11600 2015-06-08] (Mindspark)
C:\PROGRA~2\MAPSGA~1
HKLM-x32\...\Run: [MetroHotspot EPM Support] => "C:\PROGRA~2\METROH~1\bar\1.bin\ebmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MetroHotspot AppIntegrator 32-bit] => C:\PROGRA~2\METROH~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [MetroHotspot AppIntegrator 64-bit] => C:\PROGRA~2\METROH~1\bar\1.bin\AppIntegrator64.exe
C:\PROGRA~2\METROH~1
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 - (No Name) - {cfd3c45d-7b48-42cb-8406-7d2479a6c60f} - C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebSrcAs.dll No File
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~2\MAPSGA~1\bar\1.bin\39bar.dll No File
BHO-x32: Search Assistant BHO -> {31262cad-1eef-42a3-acb5-e61cb31d530c} -> C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebSrcAs.dll No File
BHO-x32: Toolbar BHO -> {45e5803d-afb8-4d58-b0fb-81730a03fa98} -> C:\PROGRA~2\METROH~1\bar\1.bin\ebbar.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-06-08] (Mindspark)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-06-08] (Mindspark)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-06-08] (Mindspark)
Toolbar: HKLM-x32 - MetroHotspot - {4d6b1f44-cb4a-4f1b-9f2c-68f71589a37d} - C:\Program Files (x86)\MetroHotspot_eb\bar\1.bin\ebbar.dll No File
Toolbar: HKU\S-1-5-21-1235946050-1756256705-822490824-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89424 2015-06-08] (Mindspark)
R2 XuHSePi; C:\ProgramData\BRHCkQgSxr\XuHSePi.exe [2731504 2015-06-27] (Rational Thought Solutions)
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~1\bar\1.bin\39barsvc.exe [X]
S2 MetroHotspot_ebService; C:\PROGRA~2\METROH~1\bar\1.bin\ebbarsvc.exe [X]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe => No running process found
C:\Program Files (x86)\FromDocToPDF_65 => moved successfully.
C:\ProgramData\BRHCkQgSxr\xuhsepi.exe => Could not close process
C:\ProgramData\BRHCkQgSxr => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy EPM Support => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy AppIntegrator 32-bit => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy AppIntegrator 64-bit => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FromDocToPDF EPM Support => value not found.
C:\PROGRA~2\MAPSGA~1 => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MetroHotspot EPM Support => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MetroHotspot AppIntegrator 32-bit => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MetroHotspot AppIntegrator 64-bit => value removed successfully
C:\PROGRA~2\METROH~1 => moved successfully.
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => value removed successfully
"HKCR\Wow6432Node\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}" => key removed successfully
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4c60e5ab-5c68-4c59-abaa-885010b24b32} => value not found.
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cfd3c45d-7b48-42cb-8406-7d2479a6c60f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{cfd3c45d-7b48-42cb-8406-7d2479a6c60f}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => key not found. 
"HKU\S-1-5-21-1235946050-1756256705-822490824-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => key removed successfully
HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31262cad-1eef-42a3-acb5-e61cb31d530c}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{31262cad-1eef-42a3-acb5-e61cb31d530c}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45e5803d-afb8-4d58-b0fb-81730a03fa98}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{45e5803d-afb8-4d58-b0fb-81730a03fa98}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} => key not found. 
HKCR\Wow6432Node\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} => key not found. 
HKCR\Wow6432Node\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} => value removed successfully
"HKCR\Wow6432Node\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => value not found.
HKCR\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4d6b1f44-cb4a-4f1b-9f2c-68f71589a37d} => value removed successfully
"HKCR\Wow6432Node\CLSID\{4d6b1f44-cb4a-4f1b-9f2c-68f71589a37d}" => key removed successfully
HKU\S-1-5-21-1235946050-1756256705-822490824-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully
"HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}" => key removed successfully
FromDocToPDF_65Service => Service not found.
XuHSePi => Service removed successfully
MapsGalaxy_39Service => Service removed successfully
MetroHotspot_ebService => Service removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{B47BFA18-BEC8-4D12-8671-0A0C41E8913D} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 11:04:14 ====

  • 0
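When reviewing a Fixlog like the one posted above, the lines that matter are the ones that did not end in a removal. The following Python script is an added example (not part of the thread and not FRST's own code) that triages the result lines; the status phrases come from the log above, while the function names and the shortened sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Start
HKLM-x32\...\Run: [MapsGalaxy EPM Support] => "C:\PROGRA~2\MAPSGA~1\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
CMD: ipconfig /flushdns
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe => No running process found
C:\Program Files (x86)\FromDocToPDF_65 => moved successfully.
C:\ProgramData\BRHCkQgSxr\xuhsepi.exe => Could not close process
C:\ProgramData\BRHCkQgSxr => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy EPM Support => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FromDocToPDF EPM Support => value not found.
"HKCR\Wow6432Node\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}" => key removed successfully
FromDocToPDF_65Service => Service not found.
XuHSePi => Service removed successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
EmptyTemp: => 1.3 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 11:04:14 ====
"""

STARS = re.compile(r"^\*{5,}$")                                  # fences the echoed fixlist
CMD_START = re.compile(r"^={9}\s+(?!End of CMD)(.+?)\s+={9}$")   # start of raw CMD output
CMD_END = re.compile(r"^=+ End of CMD: =+$")
REMOVED = re.compile(r"\b(?:re)?moved successfully|\bremoved\b", re.I)
ABSENT = re.compile(r"not found|no running process found", re.I)


def triage(text):
    """Return ({bucket: [(target, status), ...]}, reboot_needed)."""
    results = defaultdict(list)
    in_fixlist = in_cmd = reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):            # the echoed fixlist also contains "=>"
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        if in_cmd:                       # skip raw command output entirely
            in_cmd = not CMD_END.match(line)
            continue
        if CMD_START.match(line):
            in_cmd = True
            continue
        if "needed a reboot" in line.lower():
            reboot = True
            continue
        target, sep, status = line.partition(" => ")
        if not sep:
            continue                     # banner or free-text line
        target, status = target.strip().strip('"'), status.strip()
        if REMOVED.search(status):
            bucket = "removed"
        elif ABSENT.search(status):
            bucket = "absent"            # already gone before the fix ran
        else:
            bucket = "review"            # e.g. "Could not close process"
        results[bucket].append((target, status))
    return results, reboot


def review_items(results):
    """For each unresolved line, note whether its parent folder was moved in the same run."""
    moved = [t.lower().rstrip("\\") + "\\" for t, s in results["removed"]
             if s.lower().startswith("moved successfully")]
    return [{"target": t, "status": s,
             "parent_moved": any(t.lower().startswith(m) for m in moved)}
            for t, s in results["review"]]


if __name__ == "__main__":
    res, reboot = triage(SAMPLE_FIXLOG)
    print({k: len(v) for k, v in res.items()}, "reboot needed:", reboot)
    for item in review_items(res):
        print("REVIEW:", item)
```

On the sample, the only line left for review is the process that could not be closed, and the script shows that its containing folder was moved in the same run.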


#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good, let's continue. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file, click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Junkware Removal Tool Log

AdwCleaner Log

  • 0

#12
sleepyheads

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Bradley on Wed 07/22/2015 at 12:30:16.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\windows\system32\tasks\SlimCleaner Plus (Scheduled Scan - Bradley)
Successfully deleted: [Task] C:\windows\system32\tasks\watchHealth
Successfully deleted: [Task] C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Bradley).job
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MetroHotspot_eb.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\browser
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\radio
Successfully deleted: [Folder] C:\Users\Bradley\Appdata\Local\mapsgalaxy_39
Successfully deleted: [Folder] C:\Users\Bradley\Appdata\Local\slimware utilities inc
Successfully deleted: [Folder] C:\Users\Bradley\Appdata\Local\speed browser
Successfully deleted: [Folder] C:\Users\Bradley\Appdata\LocalLow\mapsgalaxy_39
Successfully deleted: [Folder] C:\Users\Bradley\AppData\Roaming\lavasoft\web companion
 
 
 
~~~ Chrome
 
 
[C:\Users\Bradley\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Bradley\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Bradley\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Bradley\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at 12:32:22.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.208 - Logfile created 22/07/2015 at 12:34:30
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Bradley - FATHERSDAYGIFT
# Running from : C:\Users\Bradley\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\prefs.js
File Found : C:\Program Files (x86)\65res.dll
File Found : C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmkckgpgekmanipelfidlhmkfcjicion_0.localstorage
File Found : C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmkckgpgekmanipelfidlhmkfcjicion_0.localstorage-journal
Folder Found : C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Folder Found : C:\windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Found : HKLM\SOFTWARE\SpeedBrowser
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://us.lrd.yahoo.com/_ylt=Alfx3NRctm62dW1ZbWu9QdxfVXcA;_ylu=X3oDMTBkZ3F2ODY0BHNlYwNVSCBTZWFyY2g-;_ylg=X3oDMTFpNzk0NjhtBGludGwDdXMEbGFuZwNlbi11cwRwc3RhaWQDBHBzdGNhdANob21lBHB0A3NlY3Rpb25z;_ylv=0/SIG=11ukkoloc/EXP=1353674436/*-hxxp%3A//us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&fr=ush-movies&hspart=att&hsimp=yhs-att_001&type=yahoo_header_movies
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=sb&qsrc=2869
 
*************************
 
AdwCleaner[R0].txt - [2759 bytes] - [22/07/2015 12:34:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2818 bytes] ##########
# AdwCleaner v4.208 - Logfile created 22/07/2015 at 12:35:35
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Bradley - FATHERSDAYGIFT
# Running from : C:\Users\Bradley\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
Folder Deleted : C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
File Deleted : C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmkckgpgekmanipelfidlhmkfcjicion_0.localstorage
File Deleted : C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmkckgpgekmanipelfidlhmkfcjicion_0.localstorage-journal
File Deleted : C:\prefs.js
File Deleted : C:\Program Files (x86)\65res.dll
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.lrd.yahoo.com/_ylt=Alfx3NRctm62dW1ZbWu9QdxfVXcA;_ylu=X3oDMTBkZ3F2ODY0BHNlYwNVSCBTZWFyY2g-;_ylg=X3oDMTFpNzk0NjhtBGludGwDdXMEbGFuZwNlbi11cwRwc3RhaWQDBHBzdGNhdANob21lBHB0A3NlY3Rpb25z;_ylv=0/SIG=11ukkoloc/EXP=1353674436/*-hxxp%3A//us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&fr=ush-movies&hspart=att&hsimp=yhs-att_001&type=yahoo_header_movies
[C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=sb&qsrc=2869
 
*************************
 
AdwCleaner[R0].txt - [2897 bytes] - [22/07/2015 12:34:30]
AdwCleaner[S0].txt - [2854 bytes] - [22/07/2015 12:35:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2913  bytes] ##########
 


#13
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

How is the machine performing? Have the alerts stopped?

Let's scan for orphans and remnants. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#14
sleepyheads


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Machine is running good.  I'll get you those other reports tomorrow.  Thanks.



#15
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

Machine is running good.  I'll get you those other reports tomorrow.  Thanks.


:thumbsup: You're welcome.





