
Slow performance [Closed]


  • This topic is locked

#1
lawnguybri

  • Member
  • 102 posts

Good evening. I have a Toshiba Satellite laptop, 6GB RAM, running Windows 7 Home Premium. I have noticed recently that my computer has been 'bogging down', getting real slow, especially when on the internet. I don't always shut down my computer every time (should I?); many times I simply 'hibernate' it. When the computer slows down I find sometimes restarting it will clear it up, for a bit; after a while it'll slow down again. Recently it hasn't taken that long to start slowing down again. I try to keep the cookies / temp files clear as much as possible. Is there anything that could be slowing down my computer?

 

Thanks in advance for any assistance :)

 

 




#2
lawnguybri

  • Topic Starter
  • Member
  • 102 posts

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Brian Hillard (administrator) on BRIANHILLARD-PC (29-07-2015 23:29:25)
Running from C:\Users\Brian Hillard\Desktop
Loaded Profiles: Brian Hillard (Available Profiles: Brian Hillard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Brian Hillard\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [YMailAdvisor] => C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [287112 2011-11-04] (SecureW2 B.V.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [177448 2008-07-17] (Seagate LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [Amazon Music] => C:\Users\Brian Hillard\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [OneDrive] => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-07-27] (Microsoft Corporation)
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> DefaultScope {17946FA3-A27F-49F7-B255-788311E1EA3A} URL = http://search.condui...6631711609&UM=2
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {17946FA3-A27F-49F7-B255-788311E1EA3A} URL = http://search.condui...6631711609&UM=2
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...1I7TSNP_enUS459
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {81F5F0B8-320F-4D33-9B73-3ED145016BD3} URL = http://www.google.co...1I7TSNP_enUS459
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{B2EE03B5-815D-457B-84C5-1D9A0F9BF600}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{ED326837-8CB6-4B2C-B089-B81B261A6F91}: [DhcpNameServer] 208.59.247.45 208.59.247.46

FireFox:
========
FF ProfilePath: C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\9ovvxo4c.default-1426767229255
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5306261\npmathplugin.dll [2015-04-19] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-07-29]
FF HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-07-07] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-13]
CHR Extension: (Google Search) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (BitTorrentControl_v12) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2014-05-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-04]
CHR Extension: (WhiteSmoke New) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-05-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-27]
CHR Extension: (Google Wallet) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BRIANH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-02]
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Brian Hillard\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-03-26]
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Brian Hillard\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-08]
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-21]
CHR HKLM-x32\...\Chrome\Extension: [cjkpeelhbaipjkogeledgpkllepmkdmc] - C:\Program Files (x86)\LyricSearch\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Brian Hillard\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Brian Hillard\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2013-09-12] (Symantec Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150729.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150729.008\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150729.008\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 23:29 - 2015-07-29 23:30 - 00032642 _____ C:\Users\Brian Hillard\Desktop\FRST.txt
2015-07-29 23:28 - 2015-07-29 23:28 - 02169856 _____ (Farbar) C:\Users\Brian Hillard\Desktop\FRST64.exe
2015-07-29 23:01 - 2015-07-29 23:01 - 00000000 ___HD C:\OneDriveTemp
2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{87371751-C19D-4AD3-AC73-8841F136469D}
2015-07-22 00:18 - 2015-07-22 00:18 - 00000000 ____D C:\windows\System32\Tasks\Norton Security
2015-07-09 00:32 - 2015-07-13 01:39 - 00000000 ____D C:\Users\Brian Hillard\Desktop\EnergyPath2015
2015-07-07 22:46 - 2015-07-07 22:52 - 00000000 ____D C:\Users\Brian Hillard\Downloads\Beck - Mellow Gold [mp3@320k]...Ctiger
2015-07-07 22:44 - 2015-07-07 22:44 - 00002728 _____ C:\Users\Brian Hillard\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-07-07 22:13 - 2015-07-09 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 21:45 - 2015-07-03 21:45 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{06E015DE-0930-40B5-B9E0-3F4E03C11D9F}
2015-06-29 23:16 - 2015-06-29 23:16 - 00007605 _____ C:\Users\Brian Hillard\AppData\Local\Resmon.ResmonCfg
2015-06-29 00:57 - 2015-06-29 01:17 - 00000000 ____D C:\Users\Brian Hillard\Downloads\DAVID BOWIE - STUDIO DISCOGRAPHY [CHANNEL NEO]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 23:29 - 2013-11-30 13:22 - 00000000 ____D C:\FRST
2015-07-29 23:21 - 2011-09-07 01:44 - 01482297 _____ C:\windows\WindowsUpdate.log
2015-07-29 23:14 - 2012-11-17 23:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-29 23:10 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 23:10 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 23:01 - 2014-10-12 02:34 - 00000000 ___RD C:\Users\Brian Hillard\OneDrive
2015-07-29 23:01 - 2013-06-02 09:54 - 00000000 ___RD C:\Users\Brian Hillard\Google Drive
2015-07-29 23:00 - 2011-09-07 02:03 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 23:00 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-29 23:00 - 2009-07-14 00:51 - 00098263 _____ C:\windows\setupact.log
2015-07-29 22:42 - 2011-09-07 02:03 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 21:16 - 2014-10-12 02:34 - 00002203 _____ C:\Users\Brian Hillard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-07-22 00:12 - 2015-01-04 22:11 - 00003216 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-07-22 00:12 - 2015-01-04 22:08 - 00000000 ____D C:\windows\system32\Drivers\NSx64
2015-07-22 00:12 - 2015-01-04 22:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-07-21 21:46 - 2015-01-04 22:10 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-21 21:46 - 2015-01-04 22:10 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-20 00:03 - 2011-11-25 17:22 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\CrashDumps
2015-07-19 00:06 - 2009-07-14 01:13 - 00781522 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-15 21:37 - 2011-09-07 02:03 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 21:37 - 2011-09-07 02:03 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 21:14 - 2012-11-17 23:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 21:14 - 2012-03-30 20:57 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 21:14 - 2011-08-01 03:32 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 20:54 - 2014-10-23 22:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 20:53 - 2014-12-24 11:39 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 21:39 - 2013-06-02 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-13 21:58 - 2011-02-06 15:50 - 00000000 ___RD C:\Users\Brian Hillard\Documents\Employment
2015-07-11 12:38 - 2010-11-20 23:47 - 01619576 _____ C:\windows\PFRO.log
2015-07-09 21:33 - 2013-01-13 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 02:25 - 2013-12-28 17:17 - 00000000 ____D C:\Users\Brian Hillard\AppData\Roaming\BitTorrent
2015-07-01 14:12 - 2013-05-30 00:05 - 00000000 ____D C:\Users\Brian Hillard\Documents\Mom
2015-06-29 21:57 - 2009-07-14 01:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-06-29 01:01 - 2015-06-25 23:11 - 00000000 ____D C:\Users\Brian Hillard\AppData\Roaming\tetrixultimate-ac9d881291c31e08d74262a5a050987f

==================== Files in the root of some directories =======

2015-06-29 23:16 - 2015-06-29 23:16 - 0007605 _____ () C:\Users\Brian Hillard\AppData\Local\Resmon.ResmonCfg
2013-01-05 01:53 - 2013-01-05 01:53 - 0017408 _____ () C:\Users\Brian Hillard\AppData\Local\WebpageIcons.db

Some files in TEMP:
====================
C:\Users\Brian Hillard\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Brian Hillard\AppData\Local\Temp\Seagate_Manager.exe
C:\Users\Brian Hillard\AppData\Local\Temp\x1hsq4uk.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-19 01:03

==================== End of log ============================



#3
lawnguybri


Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Brian Hillard (2015-07-29 23:30:17)
Running from C:\Users\Brian Hillard\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3439052073-2592127164-3607994596-500 - Administrator - Disabled)
Brian Hillard (S-1-5-21-3439052073-2592127164-3607994596-1000 - Administrator - Enabled) => C:\Users\Brian Hillard
Guest (S-1-5-21-3439052073-2592127164-3607994596-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3439052073-2592127164-3607994596-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
Amazon Music (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
BitTorrent (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\BitTorrent) (Version: 7.9.3.40634 - BitTorrent Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (x32 Version: 1.1.1.0 - Minitab, Inc.) Hidden
CarMD (HKLM-x32\...\{251C65C0-15FF-4603-98BB-E4A61C7DA424}) (Version: 3.1.0 - carmd.com)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
Coupon Companion Plugin (HKLM-x32\...\Coupon Companion Plugin) (Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
FastStone Capture 7.0 (HKLM-x32\...\FastStone Capture) (Version: 7.0 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HHD Software Hex Editor 3.10 (HKLM-x32\...\{96DB0658-F44A-4899-BBD3-29261B18AE93}) (Version: 3.10.0.0000 - HHD Software)
HOMER 2.68 beta (HKLM-x32\...\HOMER_is1) (Version:  - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.3 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.3.0 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.3.0 - Minitab, Inc.) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.2.15 - Symantec Corporation)
OverDrive Media Console (HKLM-x32\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Palringo (HKLM-x32\...\Palringo) (Version:  - Palringo Limited)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Screen Recorder Launcher (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\ScreenRecorderLauncher) (Version: 1.7 - )
Screencast-O-Matic (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}) (Version: 2.01.0013 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0013 - Seagate) Hidden
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
SecureW2 Enterprise Client 3.5.5 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wolfram CDF Player (M-WIN-D 10.1.0 5306379) (HKLM\...\M-WIN-D 10.1.0 5306379_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Wolfram Extras 10.1 (5306261) (HKLM\...\A-WIN-Extras 10.1.0 5306261_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Yahoo! Mail Advisor (HKLM-x32\...\Yahoo! Mail Advisor) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-07-2015 01:10:34 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-08-15 23:22 - 00000098 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7DF355-0F0C-4CC4-8A84-99D79384FFD9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {3A65B433-E0CA-4AA2-8387-8572B9B70F73} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2011-11-04] (SecureW2 B.V.)
Task: {40882D69-3BD4-475C-9D7F-8638B4B9F352} - \AmiUpdXp No Task File <==== ATTENTION
Task: {518F43C2-504B-4B32-89F7-95F0E8B3BA0D} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe
Task: {53C31FA4-1BB3-4991-8AB0-C73CA6756962} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6324D6A2-D0A5-4694-ACF1-4945F237FCDF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {75A695D1-3D68-4EC8-A12D-1A0D71E957E9} - System32\Tasks\Lyrics Search Update => C:\Program Files (x86)\LyricSearch\LyricSearchUp.exe
Task: {9C733EC0-071B-495E-B887-E6D69426A323} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {B22CE07B-DAAD-4C18-AFF6-6353D9666C47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB428D37-5988-4628-868D-C4FF51B9D4CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {C4193BEB-63E3-4F3F-8BA5-5608774EC13A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {DC47A215-3D1D-4BC0-98A6-B5E2AA7C5A1E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DDD0424F-892A-46A5-8888-C2C6D85F5180} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F096F395-9DC0-4560-AAEF-AC14D4201935} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F948625C-1301-4064-A40B-0723C37F3D13} - System32\Tasks\{FC045A89-1E57-44B5-BFFA-87B3277509B5} => pcalua.exe -a "C:\Program Files (x86)\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {FEE7AB65-19D3-47C0-8EF1-D70BF4F7A7BD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-04 22:18 - 2011-04-04 22:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2014-10-13 21:09 - 2014-09-05 20:54 - 06281536 _____ () C:\Users\Brian Hillard\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-07-29 23:00 - 2015-07-29 23:00 - 00098816 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32api.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00110080 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\pywintypes27.dll
2015-07-29 23:00 - 2015-07-29 23:00 - 00364544 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\pythoncom27.dll
2015-07-29 23:00 - 2015-07-29 23:00 - 00045568 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_socket.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 01161216 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_ssl.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00320512 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32com.shell.shell.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00713216 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_hashlib.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 01175040 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._core_.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00805888 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._gdi_.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00811008 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._windows_.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 01062400 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._controls_.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00735232 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._misc_.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00682496 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\pysqlite2._sqlite.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00087552 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_ctypes.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00119808 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32file.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00108544 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32security.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00007168 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\hashobjs_ext.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00068096 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\usb_ext.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00167936 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32gui.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00018432 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32event.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00128512 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_elementtree.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00127488 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\pyexpat.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00013824 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\common.time34.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00036864 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_psutil_windows.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00038912 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32inet.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00011264 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32crypt.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00070656 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._html2.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00027136 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_multiprocessing.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00020480 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\_yappi.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00035840 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32process.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00686080 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\unicodedata.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00122368 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._wizard.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00024064 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32pipe.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00010240 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\select.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00025600 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32pdh.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00525640 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\windows._lib_cacheinvalidation.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00017408 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32profile.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00022528 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\win32ts.pyd
2015-07-29 23:00 - 2015-07-29 23:00 - 00078336 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI39162\wx._animate.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\ecollege.com -> ph.ecollege.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\mathxl.com -> mathxl.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\myitlab.com -> myitlab.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\pearsoncmg.com -> pearsoncmg.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\pearsoned.com -> pearsoned.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\psu.edu -> *.cms.psu.edu
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\tumblr.com -> hxxp://www.tumblr.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian Hillard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4779291C-6B6B-4622-9330-643EA13DBB56}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{11FF5FA7-B6AB-498E-8D03-7157D30F54EB}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{94F75C43-1265-4F5E-A9AB-7C28DBC24B31}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{BA155A20-E7DE-4564-9BF9-B7BA436D00A9}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{20644481-4B23-4656-9126-CACA6A0AD027}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2897AE79-F49C-4EE8-8BDE-1318AE80F0C4}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{511DE74C-8584-43A1-8DF9-571CFC85430E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{20112683-8010-4CE8-898A-C89855A83535}] => (Allow) C:\Users\Brian Hillard\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{43D9B6C8-9D6C-46EF-879E-DCA6928E8C12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECAA2863-462C-4B56-8245-ADB3ED62C9CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{344613D3-68AF-47F2-BC5B-1B771F31595E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9AC74860-E1CB-4F22-BF23-D062D36514CF}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\WolframCDFPlayer.exe
FirewallRules: [{B3C14BB5-AE63-4590-9FC5-956C0D3B75B1}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\WolframCDFPlayer.exe
FirewallRules: [{8AC90668-C3BC-45BC-8942-C985EDBB6BB4}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\MathKernel.exe
FirewallRules: [{624AFC5E-57D2-4582-BC46-56ADDD52D28C}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\MathKernel.exe
FirewallRules: [{49286B75-9146-47D9-91A2-E78D3F365D83}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\math.exe
FirewallRules: [{1C079F19-3950-4521-A04C-707EEB9B5CB2}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\math.exe
FirewallRules: [{1B23484B-5D8A-467D-94EC-ADC205AC9EF5}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EAD962A8-B201-4C2F-803E-EFDF2081BA0F}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BF3F6651-7540-4C0D-A91D-AAB5E9FFD526}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53A376E5-1B2D-47B0-A9C8-078124C5397E}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4200C43F-3805-43F8-A788-78F35E09911D}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7E07F685-3DE5-43EF-8CD3-23E1107A57D9}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{52E371E1-BC8E-4B91-B306-F6AD56764004}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 11:01:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 11:00:55 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/29/2015 10:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1e44
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (07/29/2015 10:21:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x5b8
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (07/29/2015 10:16:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0xde8
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (07/29/2015 10:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1890
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (07/29/2015 10:03:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74550569

Error: (07/29/2015 10:03:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74550569

Error: (07/29/2015 10:03:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2015 01:21:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013


System errors:
=============
Error: (07/29/2015 11:00:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/29/2015 11:00:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/29/2015 11:00:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/29/2015 10:57:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/29/2015 10:21:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/29/2015 10:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/29/2015 10:14:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/29/2015 10:14:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/29/2015 01:16:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/29/2015 01:16:38 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office:
=========================
Error: (07/29/2015 11:01:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 11:00:55 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/29/2015 10:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c071e4401d0ca737672848dC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllb44062b1-3666-11e5-b2f9-e89a8fce6bf8

Error: (07/29/2015 10:21:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c075b801d0ca6e6636c94eC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlla56c0567-3661-11e5-b2f9-e89a8fce6bf8

Error: (07/29/2015 10:16:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c07de801d0ca6db1cc8538C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllf0b303e9-3660-11e5-b2f9-e89a8fce6bf8

Error: (07/29/2015 10:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c07189001d0ca6d683c9259C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlla78cd0e7-3660-11e5-b2f9-e89a8fce6bf8

Error: (07/29/2015 10:03:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74550569

Error: (07/29/2015 10:03:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74550569

Error: (07/29/2015 10:03:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2015 01:21:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013


CodeIntegrity:
===================================
  Date: 2013-12-30 09:52:13.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 6091.86 MB
Available physical RAM: 3791.07 MB
Total Virtual: 12181.91 MB
Available Virtual: 9864.88 MB

==================== Drives ================================

Drive c: (TI106234W0C) (Fixed) (Total:682.64 GB) (Free:306.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9DEB38F3)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=17)

==================== End of log ============================



#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    If you haven't already, download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)


#5
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.

#6
lawnguybri

    Member

  • Topic Starter
  • 102 posts

Adw log:

# AdwCleaner v4.208 - Logfile created 08/08/2015 at 01:57:39
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Brian Hillard - BRIANHILLARD-PC
# Running from : C:\Users\Brian Hillard\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

File Deleted : C:\Users\Brian Hillard\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****

Task Deleted : AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKCU\Software\AppDataLow\Software\Coupon Companion Plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16450


-\\ Mozilla Firefox v39.0.3 (x86 en-US)


-\\ Google Chrome v44.0.2403.130

[C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869

*************************

AdwCleaner[R0].txt - [2955 bytes] - [24/11/2013 12:15:50]
AdwCleaner[R1].txt - [3460 bytes] - [05/01/2014 22:19:23]
AdwCleaner[R2].txt - [2844 bytes] - [08/08/2015 01:55:56]
AdwCleaner[S0].txt - [3076 bytes] - [24/11/2013 12:17:10]
AdwCleaner[S1].txt - [3384 bytes] - [05/01/2014 22:22:49]
AdwCleaner[S2].txt - [2590 bytes] - [08/08/2015 01:57:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2649  bytes] ##########

#7
lawnguybri

    Member

  • Topic Starter
  • 102 posts

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Brian Hillard on Sat 08/08/2015 at  1:42:54.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] yahooauservice [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\Lyrics Search Update



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17946FA3-A27F-49F7-B255-788311E1EA3A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}



~~~ Files

Successfully deleted: [File] C:\Users\Brian Hillard\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.ask.com_0.localstorage
Successfully deleted: [File] C:\Users\Brian Hillard\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.ask.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{B7B9E188-1A57-49C2-9B83-1805E053D1F8}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{B7C40547-571E-42BE-8ADC-A8FE97FE35E0}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{B9772EA7-8FD9-4B48-BC56-59CB38127B5A}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{BA944E25-5123-4F0B-8703-181F067A6669}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{C08A059D-B40E-4228-B614-8889B423DE11}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{C603A958-BF74-4F7C-82A7-553DB7FBB5B0}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{CEB1C3E7-52AF-4A13-8AE0-FF18907EA00B}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{D0F2144A-DC37-4C21-8765-760D7BF0A605}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{D26830B3-24C1-4972-879C-86643AB1B8CE}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{DBF07F42-2410-4CB9-A5AB-0FB8BA368B1E}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{E4715DD6-E3E1-4331-B1E9-C49F9C0EE24D}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{E7D220A5-9BC9-497A-8266-429F2939E647}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{E8EFADDB-FC89-4ADD-BBD8-7CF03E75ED33}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{E9680A2A-90F7-472C-B129-FBDD21BD55CA}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{EE187015-8090-4FFC-8DFA-35D25369A80F}
Successfully deleted: [Empty Folder] C:\Users\Brian Hillard\Appdata\Local\{F13C37B2-083D-4A8F-A9A0-1AA09756AC72}
Successfully deleted: [Folder] C:\Program Files (x86)\coupons
Successfully deleted: [Folder] C:\Program Files (x86)\kakao
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coupons
Successfully deleted: [Folder] C:\Users\Brian Hillard\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\Brian Hillard\Appdata\Local\kakao
Successfully deleted: [Folder] C:\Users\Brian Hillard\Appdata\LocalLow\datamngr



~~~ FireFox

Emptied folder: C:\Users\Brian Hillard\AppData\Roaming\mozilla\firefox\profiles\9ovvxo4c.default-1426767229255\minidumps [9 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Brian Hillard\Appdata\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Folder] C:\Users\Brian Hillard\Appdata\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

[C:\Users\Brian Hillard\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Brian Hillard\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Brian Hillard\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Brian Hillard\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  dknkjnkhedbanphkkpbpcgoblmkbfhlf,
  klibnahbojhkanfgaglnlalfkgpcppfi
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/08/2015 at  1:49:07.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8
lawnguybri

    Member

  • Topic Starter
  • Member
  • 102 posts

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by Brian Hillard (administrator) on BRIANHILLARD-PC (08-08-2015 13:50:21)
Running from C:\Users\Brian Hillard\Desktop
Loaded Profiles: Brian Hillard (Available Profiles: Brian Hillard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Brian Hillard\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [YMailAdvisor] => C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [287112 2011-11-04] (SecureW2 B.V.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [177448 2008-07-17] (Seagate LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Run: [Amazon Music] => C:\Users\Brian Hillard\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...1I7TSNP_enUS459
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {81F5F0B8-320F-4D33-9B73-3ED145016BD3} URL = http://www.google.co...1I7TSNP_enUS459
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{B2EE03B5-815D-457B-84C5-1D9A0F9BF600}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{ED326837-8CB6-4B2C-B089-B81B261A6F91}: [DhcpNameServer] 208.59.247.45 208.59.247.46

FireFox:
========
FF ProfilePath: C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\9ovvxo4c.default-1426767229255
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5306261\npmathplugin.dll [2015-04-19] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-08-08]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-06] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-13]
CHR Extension: (Google Search) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BRIANH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-02]
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-21]
CHR HKLM-x32\...\Chrome\Extension: [cjkpeelhbaipjkogeledgpkllepmkdmc] - C:\Program Files (x86)\LyricSearch\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2013-09-12] (Symantec Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150807.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150807.017\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150807.017\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 02:04 - 2015-08-08 02:04 - 00000000 ____D C:\Users\Brian Hillard\Desktop\FRST-OlderVersion
2015-08-08 01:59 - 2015-08-08 02:00 - 00002733 _____ C:\Users\Brian Hillard\Desktop\AdwCleaner[S2].txt
2015-08-08 01:54 - 2015-08-08 01:54 - 00000000 ____D C:\Users\Brian Hillard\Desktop\Calc SS
2015-08-08 01:49 - 2015-08-08 01:49 - 00011399 _____ C:\Users\Brian Hillard\Desktop\JRT.txt
2015-08-07 22:07 - 2015-08-07 22:07 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Brian Hillard\Desktop\JRT.exe
2015-08-07 22:06 - 2015-08-07 22:06 - 02248704 _____ C:\Users\Brian Hillard\Desktop\AdwCleaner.exe
2015-08-06 22:59 - 2015-08-06 23:12 - 00000000 ____D C:\Users\Brian Hillard\Desktop\iphone pics 8-6
2015-08-06 22:41 - 2015-08-08 01:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 00:16 - 2015-08-06 00:39 - 00000000 ____D C:\ProgramData\WindSolutions
2015-08-06 00:16 - 2015-08-06 00:38 - 00000000 ____D C:\Users\Brian Hillard\AppData\Roaming\WindSolutions
2015-08-06 00:16 - 2015-08-06 00:16 - 00001411 _____ C:\Users\Brian Hillard\Desktop\CopyTrans Control Center.lnk
2015-08-06 00:16 - 2015-08-06 00:16 - 00000000 ____D C:\Users\Brian Hillard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-08-06 00:07 - 2015-08-06 00:07 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\Macroplant_LLC
2015-08-06 00:07 - 2015-08-06 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2015-08-06 00:07 - 2015-08-06 00:07 - 00000000 ____D C:\Program Files (x86)\iExplorer
2015-08-02 14:13 - 2015-08-02 14:13 - 00000000 ____D C:\Users\Brian Hillard\Desktop\New folder
2015-07-31 22:48 - 2015-07-31 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-31 22:48 - 2015-07-31 22:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-30 23:25 - 2015-07-30 23:25 - 00034304 _____ C:\Users\Brian Hillard\Downloads\je-d-17.03.02.04.cz.580.k.xls
2015-07-30 22:08 - 2015-07-30 22:08 - 00293888 _____ C:\Users\Brian Hillard\Downloads\su-f-01.01.01.22_y-2011.xls
2015-07-30 22:08 - 2015-07-30 22:08 - 00293888 _____ C:\Users\Brian Hillard\Downloads\su-f-01.01.01.22_y-2011 (1).xls
2015-07-29 23:30 - 2015-07-29 23:30 - 00045632 _____ C:\Users\Brian Hillard\Desktop\Addition.txt
2015-07-29 23:29 - 2015-08-08 13:52 - 00030036 _____ C:\Users\Brian Hillard\Desktop\FRST.txt
2015-07-29 23:28 - 2015-08-08 02:04 - 02170368 _____ (Farbar) C:\Users\Brian Hillard\Desktop\FRST64.exe
2015-07-22 00:18 - 2015-07-22 00:18 - 00000000 ____D C:\windows\System32\Tasks\Norton Security
2015-07-09 00:32 - 2015-07-13 01:39 - 00000000 ____D C:\Users\Brian Hillard\Desktop\EnergyPath2015

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 13:51 - 2011-09-07 01:44 - 01668277 _____ C:\windows\WindowsUpdate.log
2015-08-08 13:50 - 2013-11-30 13:22 - 00000000 ____D C:\FRST
2015-08-08 13:47 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-08 13:47 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-08 13:42 - 2011-09-07 02:03 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-08 13:40 - 2013-06-02 09:54 - 00000000 ___RD C:\Users\Brian Hillard\Google Drive
2015-08-08 13:39 - 2011-09-07 02:03 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-08 13:38 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-08 13:38 - 2009-07-14 00:51 - 00099047 _____ C:\windows\setupact.log
2015-08-08 02:04 - 2014-10-12 02:34 - 00000000 ___RD C:\Users\Brian Hillard\OneDrive
2015-08-08 01:59 - 2013-01-13 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-08 01:59 - 2010-11-20 23:47 - 01619936 _____ C:\windows\PFRO.log
2015-08-08 01:57 - 2013-11-24 12:15 - 00000000 ____D C:\AdwCleaner
2015-08-08 01:45 - 2011-11-25 11:27 - 00000000 ____D C:\Users\Brian Hillard
2015-08-08 01:14 - 2012-11-17 23:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-02 14:07 - 2012-05-19 22:23 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\Windows Live
2015-07-31 22:48 - 2014-10-23 22:32 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-22 00:12 - 2015-01-04 22:11 - 00003216 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-07-22 00:12 - 2015-01-04 22:08 - 00000000 ____D C:\windows\system32\Drivers\NSx64
2015-07-22 00:12 - 2015-01-04 22:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-07-21 21:46 - 2015-01-04 22:10 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-21 21:46 - 2015-01-04 22:10 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-20 00:03 - 2011-11-25 17:22 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\CrashDumps
2015-07-19 00:06 - 2009-07-14 01:13 - 00781522 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-15 21:37 - 2011-09-07 02:03 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 21:37 - 2011-09-07 02:03 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 21:14 - 2012-11-17 23:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 21:14 - 2012-03-30 20:57 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 21:14 - 2011-08-01 03:32 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 20:54 - 2014-10-23 22:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 20:53 - 2014-12-24 11:39 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 21:39 - 2013-06-02 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-13 21:58 - 2011-02-06 15:50 - 00000000 ___RD C:\Users\Brian Hillard\Documents\Employment
2015-07-09 02:25 - 2013-12-28 17:17 - 00000000 ____D C:\Users\Brian Hillard\AppData\Roaming\BitTorrent

==================== Files in the root of some directories =======

2015-06-29 23:16 - 2015-06-29 23:16 - 0007605 _____ () C:\Users\Brian Hillard\AppData\Local\Resmon.ResmonCfg
2013-01-05 01:53 - 2013-01-05 01:53 - 0017408 _____ () C:\Users\Brian Hillard\AppData\Local\WebpageIcons.db

Some files in TEMP:
====================
C:\Users\Brian Hillard\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Brian Hillard\AppData\Local\Temp\Quarantine.exe
C:\Users\Brian Hillard\AppData\Local\Temp\Seagate_Manager.exe
C:\Users\Brian Hillard\AppData\Local\Temp\sqlite3.dll
C:\Users\Brian Hillard\AppData\Local\Temp\x1hsq4uk.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 23:14

==================== End of log ============================

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Brian Hillard (2015-08-08 13:52:45)
Running from C:\Users\Brian Hillard\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3439052073-2592127164-3607994596-500 - Administrator - Disabled)
Brian Hillard (S-1-5-21-3439052073-2592127164-3607994596-1000 - Administrator - Enabled) => C:\Users\Brian Hillard
Guest (S-1-5-21-3439052073-2592127164-3607994596-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3439052073-2592127164-3607994596-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
Amazon Music (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
BitTorrent (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\BitTorrent) (Version: 7.9.3.40634 - BitTorrent Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (x32 Version: 1.1.1.0 - Minitab, Inc.) Hidden
CarMD (HKLM-x32\...\{251C65C0-15FF-4603-98BB-E4A61C7DA424}) (Version: 3.1.0 - carmd.com)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
FastStone Capture 7.0 (HKLM-x32\...\FastStone Capture) (Version: 7.0 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HHD Software Hex Editor 3.10 (HKLM-x32\...\{96DB0658-F44A-4899-BBD3-29261B18AE93}) (Version: 3.10.0.0000 - HHD Software)
HOMER 2.68 beta (HKLM-x32\...\HOMER_is1) (Version:  - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.7.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.3 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.3.0 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.3.0 - Minitab, Inc.) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.2.15 - Symantec Corporation)
OverDrive Media Console (HKLM-x32\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Palringo (HKLM-x32\...\Palringo) (Version:  - Palringo Limited)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Screen Recorder Launcher (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\ScreenRecorderLauncher) (Version: 1.7 - )
Screencast-O-Matic (HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}) (Version: 2.01.0013 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0013 - Seagate) Hidden
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
SecureW2 Enterprise Client 3.5.5 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wolfram CDF Player (M-WIN-D 10.1.0 5306379) (HKLM\...\M-WIN-D 10.1.0 5306379_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Wolfram Extras 10.1 (5306261) (HKLM\...\A-WIN-Extras 10.1.0 5306261_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Yahoo! Mail Advisor (HKLM-x32\...\Yahoo! Mail Advisor) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-07-2015 01:10:34 Scheduled Checkpoint
08-08-2015 01:43:01 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-31 22:48 - 00000128 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
0.0.0.1	mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7DF355-0F0C-4CC4-8A84-99D79384FFD9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {3A65B433-E0CA-4AA2-8387-8572B9B70F73} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2011-11-04] (SecureW2 B.V.)
Task: {518F43C2-504B-4B32-89F7-95F0E8B3BA0D} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe
Task: {53C31FA4-1BB3-4991-8AB0-C73CA6756962} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6324D6A2-D0A5-4694-ACF1-4945F237FCDF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {9C733EC0-071B-495E-B887-E6D69426A323} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {B22CE07B-DAAD-4C18-AFF6-6353D9666C47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB428D37-5988-4628-868D-C4FF51B9D4CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {C4193BEB-63E3-4F3F-8BA5-5608774EC13A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {DC47A215-3D1D-4BC0-98A6-B5E2AA7C5A1E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DDD0424F-892A-46A5-8888-C2C6D85F5180} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F096F395-9DC0-4560-AAEF-AC14D4201935} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F948625C-1301-4064-A40B-0723C37F3D13} - System32\Tasks\{FC045A89-1E57-44B5-BFFA-87B3277509B5} => pcalua.exe -a "C:\Program Files (x86)\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {FEE7AB65-19D3-47C0-8EF1-D70BF4F7A7BD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-04 22:18 - 2011-04-04 22:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2014-10-13 21:09 - 2014-09-05 20:54 - 06281536 _____ () C:\Users\Brian Hillard\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-08-08 13:39 - 2015-08-08 13:39 - 00098816 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32api.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00110080 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\pywintypes27.dll
2015-08-08 13:39 - 2015-08-08 13:39 - 00364544 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\pythoncom27.dll
2015-08-08 13:39 - 2015-08-08 13:39 - 00045568 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_socket.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 01161216 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_ssl.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00320512 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32com.shell.shell.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00713216 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_hashlib.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 01175040 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._core_.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00805888 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._gdi_.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00811008 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._windows_.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 01062400 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._controls_.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00735232 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._misc_.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00682496 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\pysqlite2._sqlite.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00087552 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_ctypes.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00119808 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32file.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00108544 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32security.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00007168 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\hashobjs_ext.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00068096 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\usb_ext.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00167936 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32gui.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00018432 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32event.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00128512 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_elementtree.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00127488 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\pyexpat.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00013824 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\common.time34.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00036864 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_psutil_windows.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00038912 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32inet.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00011264 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32crypt.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00070656 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._html2.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00027136 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_multiprocessing.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00020480 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\_yappi.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00035840 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32process.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00686080 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\unicodedata.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00122368 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._wizard.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00024064 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32pipe.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00010240 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\select.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00025600 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32pdh.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00525640 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\windows._lib_cacheinvalidation.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00017408 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32profile.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00022528 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\win32ts.pyd
2015-08-08 13:39 - 2015-08-08 13:39 - 00078336 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI37242\wx._animate.pyd
2015-07-15 21:14 - 2015-07-15 21:14 - 17448624 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\ecollege.com -> ph.ecollege.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\mathxl.com -> mathxl.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\myitlab.com -> myitlab.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\pearsoncmg.com -> pearsoncmg.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\pearsoned.com -> pearsoned.com
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\psu.edu -> *.cms.psu.edu
IE trusted site: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\tumblr.com -> hxxp://www.tumblr.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian Hillard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4779291C-6B6B-4622-9330-643EA13DBB56}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{11FF5FA7-B6AB-498E-8D03-7157D30F54EB}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{94F75C43-1265-4F5E-A9AB-7C28DBC24B31}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{BA155A20-E7DE-4564-9BF9-B7BA436D00A9}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{20644481-4B23-4656-9126-CACA6A0AD027}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2897AE79-F49C-4EE8-8BDE-1318AE80F0C4}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{511DE74C-8584-43A1-8DF9-571CFC85430E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{43D9B6C8-9D6C-46EF-879E-DCA6928E8C12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECAA2863-462C-4B56-8245-ADB3ED62C9CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{344613D3-68AF-47F2-BC5B-1B771F31595E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9AC74860-E1CB-4F22-BF23-D062D36514CF}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\WolframCDFPlayer.exe
FirewallRules: [{B3C14BB5-AE63-4590-9FC5-956C0D3B75B1}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\WolframCDFPlayer.exe
FirewallRules: [{8AC90668-C3BC-45BC-8942-C985EDBB6BB4}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\MathKernel.exe
FirewallRules: [{624AFC5E-57D2-4582-BC46-56ADDD52D28C}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\MathKernel.exe
FirewallRules: [{49286B75-9146-47D9-91A2-E78D3F365D83}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\math.exe
FirewallRules: [{1C079F19-3950-4521-A04C-707EEB9B5CB2}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\10.1\math.exe
FirewallRules: [{1B23484B-5D8A-467D-94EC-ADC205AC9EF5}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EAD962A8-B201-4C2F-803E-EFDF2081BA0F}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BF3F6651-7540-4C0D-A91D-AAB5E9FFD526}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53A376E5-1B2D-47B0-A9C8-078124C5397E}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4200C43F-3805-43F8-A788-78F35E09911D}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7E07F685-3DE5-43EF-8CD3-23E1107A57D9}] => (Allow) C:\Users\Brian Hillard\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{789A9A9F-2BA5-41E4-9952-067FE062D105}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2015 01:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x19f4
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x9b0
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:52:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1b3c
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:52:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1a60
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x19b4
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:51:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1994
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1b4
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x19dc
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1b10
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (08/08/2015 01:49:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x1bf0
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3


System errors:
=============
Error: (08/08/2015 01:53:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 23 time(s).

Error: (08/08/2015 01:53:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 22 time(s).

Error: (08/08/2015 01:52:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 21 time(s).

Error: (08/08/2015 01:52:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 20 time(s).

Error: (08/08/2015 01:51:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 19 time(s).

Error: (08/08/2015 01:51:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 18 time(s).

Error: (08/08/2015 01:50:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 17 time(s).

Error: (08/08/2015 01:50:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 16 time(s).

Error: (08/08/2015 01:49:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 15 time(s).

Error: (08/08/2015 01:49:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 14 time(s).


Microsoft Office:
=========================
Error: (08/08/2015 01:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0719f401d0d20324e963ffC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll62b39917-3df6-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c079b001d0d20312fe5615C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll50ba0c06-3df6-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:52:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c071b3c01d0d20301182a3dC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll3ed3b91e-3df6-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:52:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c071a6001d0d202ef311401C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll2ced3f25-3df6-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0719b401d0d202dd423578C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll1b10fe82-3df6-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:51:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c07199401d0d202cb5552c7C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll091882e5-3df6-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c071b401d0d202b96e3c8cC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllf7292f2b-3df5-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0719dc01d0d202a77e257fC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlle54d3ca9-3df5-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c071b1001d0d2029597ab86C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlld3570b05-3df5-11e5-967a-e89a8fce6bf8

Error: (08/08/2015 01:49:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c071bf001d0d202839d5b22C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllc15f049a-3df5-11e5-967a-e89a8fce6bf8


CodeIntegrity:
===================================
  Date: 2013-12-30 09:52:13.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-30 09:52:13.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-29 14:53:42.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 6091.86 MB
Available physical RAM: 3178.84 MB
Total Virtual: 12181.91 MB
Available Virtual: 9148.34 MB

==================== Drives ================================

Drive c: (TI106234W0C) (Fixed) (Total:682.64 GB) (Free:288.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9DEB38F3)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=17)

==================== End of log ============================



#9
Pyxis


    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request the removal of the program(s), as it is unwanted due to its association with either malware or bloatware. Please proceed to uninstall it by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for it to be removed from the list instead, allow it to do so.
    • McAfee Security Scan Plus
    Inform me if you encounter problems in the removal process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    Hosts:
    
    Task: {F948625C-1301-4064-A40B-0723C37F3D13} - System32\Tasks\{FC045A89-1E57-44B5-BFFA-87B3277509B5} => pcalua.exe -a "C:\Program Files (x86)\uTorrent\uTorrent.exe" -c /UNINSTALL
    Task: {FEE7AB65-19D3-47C0-8EF1-D70BF4F7A7BD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {DC47A215-3D1D-4BC0-98A6-B5E2AA7C5A1E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    2015-07-31 22:48 - 2014-10-23 22:32 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2015-07-31 22:48 - 2015-07-31 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-07-31 22:48 - 2015-07-31 22:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-27]
    CHR HKLM-x32\...\Chrome\Extension: [cjkpeelhbaipjkogeledgpkllepmkdmc] - C:\Program Files (x86)\LyricSearch\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
    CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BRIANH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-02]
    CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-06] <==== ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
    SearchScopes: HKLM-x32 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...1I7TSNP_enUS459
    SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {81F5F0B8-320F-4D33-9B73-3ED145016BD3} URL = http://www.google.co...1I7TSNP_enUS459
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
    HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
    
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)


#10
lawnguybri

    Member

  • Topic Starter
  • 102 posts

I hope this is alright / complete. I was letting the FRST fix run while I was doing schoolwork, and I checked on it at some point and it had just stalled. It hadn't made any progress / or done anything in over  minutes. Checked the FRST window and it was unresponsive, even after a few more minutes. Had to restart the comp :/

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Brian Hillard (2015-08-09 22:33:06) Run:1
Running from C:\Users\Brian Hillard\Desktop
Loaded Profiles: Brian Hillard (Available Profiles: Brian Hillard)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:
Hosts:

Task: {F948625C-1301-4064-A40B-0723C37F3D13} - System32\Tasks\{FC045A89-1E57-44B5-BFFA-87B3277509B5} => pcalua.exe -a "C:\Program Files (x86)\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {FEE7AB65-19D3-47C0-8EF1-D70BF4F7A7BD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DC47A215-3D1D-4BC0-98A6-B5E2AA7C5A1E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
2015-07-31 22:48 - 2014-10-23 22:32 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-31 22:48 - 2015-07-31 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-31 22:48 - 2015-07-31 22:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-27]
CHR HKLM-x32\...\Chrome\Extension: [cjkpeelhbaipjkogeledgpkllepmkdmc] - C:\Program Files (x86)\LyricSearch\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BRIANH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-02]
CHR HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-06] <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....S&pvid=22.1.0.9
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {270DCF97-4042-44CC-BE0B-DF668B4A80D4} URL = http://www.google.co...1I7TSNP_enUS459
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3439052073-2592127164-3607994596-1000 -> {81F5F0B8-320F-4D33-9B73-3ED145016BD3} URL = http://www.google.co...1I7TSNP_enUS459
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\...\RunOnce: [Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)

RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
*****************

Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F948625C-1301-4064-A40B-0723C37F3D13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F948625C-1301-4064-A40B-0723C37F3D13}" => key removed successfully
C:\Windows\System32\Tasks\{FC045A89-1E57-44B5-BFFA-87B3277509B5} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC045A89-1E57-44B5-BFFA-87B3277509B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEE7AB65-19D3-47C0-8EF1-D70BF4F7A7BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEE7AB65-19D3-47C0-8EF1-D70BF4F7A7BD}" => key removed successfully
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3439052073-2592127164-3607994596-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC47A215-3D1D-4BC0-98A6-B5E2AA7C5A1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC47A215-3D1D-4BC0-98A6-B5E2AA7C5A1E}" => key removed successfully
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3439052073-2592127164-3607994596-1000 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3439052073-2592127164-3607994596-1000" => key removed successfully
"C:\ProgramData\McAfee Security Scan" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => File/Folder not found.
"C:\Program Files\McAfee Security Scan" => File/Folder not found.
C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => moved successfully.
C:\Users\Brian Hillard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjkpeelhbaipjkogeledgpkllepmkdmc" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
C:\Users\BRIANH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => moved successfully.
"HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{270DCF97-4042-44CC-BE0B-DF668B4A80D4}" => key removed successfully
HKCR\CLSID\{270DCF97-4042-44CC-BE0B-DF668B4A80D4} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{270DCF97-4042-44CC-BE0B-DF668B4A80D4}" => key removed successfully
HKCR\Wow6432Node\CLSID\{270DCF97-4042-44CC-BE0B-DF668B4A80D4} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{270DCF97-4042-44CC-BE0B-DF668B4A80D4}" => key removed successfully
HKCR\CLSID\{270DCF97-4042-44CC-BE0B-DF668B4A80D4} => key not found.
"HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81F5F0B8-320F-4D33-9B73-3ED145016BD3}" => key removed successfully
HKCR\CLSID\{81F5F0B8-320F-4D33-9B73-3ED145016BD3} => key not found.
C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe not found.
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4713.0209 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4724.0224 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.4726.0226 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5849.0427 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Brian Hillard\AppData\Local\Microsoft\OneDrive\17.3.5907.0716 => value removed successfully
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{9533373B-49AA-4B4E-A0F6-5E9E4FE50DAD} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========
 




#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
It looks like it went through. :) How is your computer running?
  • Step 1

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to install the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)


#12
lawnguybri

    Member

  • Topic Starter
  • 102 posts

I'm going to jump on this tonight...buried with schoolwork right now :/



#13
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
No worries, I'll be here. :)

#14
lawnguybri

    Member

  • Topic Starter
  • 102 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/15/2015
Scan Time: 12:31 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.15.01
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brian Hillard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420998
Time Elapsed: 1 hr, 4 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-3439052073-2592127164-3607994596-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [f627f712d4b7b28400baa72727db55ab],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}, Quarantined, [1706ff0a7a11ef476ff9b2f2030106fa],
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB0201DB-8B20-4C83-AD68-EE9FE94DF819}, Quarantined, [a57815f44d3e2d09ee114c60f80ce020],

Registry Values: 2
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}|AppName, Coupon Companion Plugin-bg.exe, Quarantined, [1706ff0a7a11ef476ff9b2f2030106fa]
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB0201DB-8B20-4C83-AD68-EE9FE94DF819}|AppPath, C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar, Quarantined, [a57815f44d3e2d09ee114c60f80ce020]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#15
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
How is your computer performing? :)





