
Outbound Traffic detected. Is my computer infected?


  • This topic is locked

#1
wiggy01

    New Member

  • 9 posts

Hi, I keep getting this message from Norton to download and run Norton Power Eraser.

[Attached image: norton.png]

I have run Norton Power Eraser and it did fix some problems, but this message keeps coming up constantly. I have re-run the program and it comes up that everything is OK. I tried to do some research as to why this would be happening, which has led me to posting this topic in case it is malware or spyware or something embedded in the computer that Norton does not recognise.

This is my son's computer that it is happening to, so I can't say exactly what he has been doing on it, but he is big at online gaming and trying to download cheats/hacks for his games and automatic mouse clickers. I hope this information helps and that you can help me sort out what is going on with this computer. Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by tyson (administrator) on 2-GOOD-4-YOU (05-08-2015 11:07:45)
Running from C:\Users\tyson\Desktop
Loaded Profiles: tyson (Available Profiles: tyson)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Mindspark) C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbarsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(System  SoftLab) C:\Program Files (x86)\Spyware Process Detector\spd323.exe
(Mindspark) C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [gmsd_au_75] => [X]
HKLM-x32\...\Run: [Undeaddies EPM Support] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjmedint.exe [12824 2015-07-18] (Mindspark)
HKLM-x32\...\Run: [Undeaddies AppIntegrator 32-bit] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator.exe [230424 2015-07-18] (Mindspark)
HKLM-x32\...\Run: [Undeaddies AppIntegrator 64-bit] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator64.exe [265752 2015-07-18] (Mindspark)
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\Run: [spdetector3] => C:\Program Files (x86)\Spyware Process Detector\spd323.exe [435200 2013-03-08] (System  SoftLab)
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1610664 2015-07-30] (Valve Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=AU&unqvl=90
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=au&unqvl=90
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 - (No Name) - {2b6d0223-234f-4ebd-95b5-3d05cfa291ad} - C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
SearchScopes: HKLM-x32 -> {d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} URL = http://int.search.tb...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} URL = http://int.search.tb...or={searchTerms}
BHO: No Name -> {20C8A4E4-B07E-49E5-AFEE-7533695314C8} ->  No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
BHO: No Name -> {E0461D6A-385A-4CA3-B9D8-2383DF2591C4} ->  No File
BHO-x32: Search Assistant BHO -> {3d0740b0-2c6f-4414-bc4f-3b778104253a} -> C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjSrcAs.dll [2015-07-18] (Mindspark)
BHO-x32: Toolbar BHO -> {56720efe-4ccf-4d00-947d-da33e8a7d3cf} -> C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbar.dll [2015-07-18] (Mindspark)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Undeaddies - {f017cbdf-9abf-40ec-b851-17baef0cfb36} - C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbar.dll [2015-07-18] (Mindspark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-16] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-16] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{883DAA76-D97C-4CD0-B6B8-54FF95E2B738}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{BEA8E17A-26AB-413F-AF3D-47927D2BC284}: [DhcpNameServer] 127.0.0.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-2629672351-3235976141-394711740-1001: @nsroblox.roblox.com/launcher -> C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2629672351-3235976141-394711740-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-01]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
R2 Undeaddies_bjService; C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbarsvc.exe [90648 2015-07-18] (Mindspark)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 0313861422811714mcinstcleanup; C:\Users\tyson\AppData\Local\Temp\031386~1.EXE -cleanup -nolog [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-04-01] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150804.001\IDSvia64.sys [692984 2015-07-10] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150804.001\ENG64.SYS [138488 2015-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150804.001\EX64.SYS [2146040 2015-07-10] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
S1 pfnfd_1_10_0_8; system32\drivers\pfnfd_1_10_0_8.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 11:07 - 2015-08-05 11:08 - 00021877 _____ C:\Users\tyson\Desktop\FRST.txt
2015-08-05 11:07 - 2015-08-05 11:07 - 00000000 ____D C:\FRST
2015-08-05 11:04 - 2015-08-05 11:04 - 02169856 _____ (Farbar) C:\Users\tyson\Desktop\FRST64.exe
2015-08-01 22:24 - 2015-08-01 22:24 - 00008006 _____ C:\Users\tyson\Desktop\wohwoh.rbxl
2015-08-01 21:30 - 2015-08-01 21:30 - 00009688 _____ C:\Users\tyson\Desktop\Place1.rbxl
2015-08-01 05:18 - 2015-08-01 05:18 - 00000000 ____D C:\NPE
2015-07-30 18:56 - 2015-07-30 18:56 - 00000000 ____D C:\Windows\SysWOW64\X86
2015-07-30 18:56 - 2015-07-30 18:56 - 00000000 ____D C:\Windows\SysWOW64\AMD64
2015-07-30 18:56 - 2015-07-30 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader
2015-07-30 18:55 - 2015-07-31 06:55 - 00000000 ____D C:\ProgramData\{7b07e0dc-3ac8-85e3-7b07-7e0dc3ac8370}
2015-07-29 18:09 - 2015-08-05 10:39 - 00000000 ____D C:\Users\tyson\AppData\Local\NPE
2015-07-29 18:09 - 2015-07-29 18:09 - 00000000 ____D C:\Users\tyson\AppData\Roaming\LightningDownloader
2015-07-29 18:08 - 2015-07-30 18:56 - 00002075 _____ C:\Users\Public\Desktop\LightningDownloader.lnk
2015-07-29 18:08 - 2015-07-30 18:56 - 00000000 ____D C:\Program Files (x86)\LightningDownloader
2015-07-29 18:05 - 2015-08-03 18:11 - 00000000 ____D C:\Program Files (x86)\Avira Browser Safety
2015-07-29 18:04 - 2015-07-30 20:07 - 00000000 ____D C:\Program Files (x86)\CuitThePrice
2015-07-29 18:04 - 2015-07-30 18:55 - 00000000 ____D C:\ProgramData\2824990498962711343
2015-07-28 18:35 - 2015-07-25 23:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-26 10:56 - 2015-07-26 10:56 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-26 10:40 - 2015-07-26 10:40 - 00000000 ____D C:\Users\tyson\AppData\Roaming\ATI
2015-07-26 10:40 - 2015-07-26 10:40 - 00000000 ____D C:\Users\tyson\AppData\Local\ATI
2015-07-26 10:40 - 2015-07-26 10:40 - 00000000 ____D C:\ProgramData\ATI
2015-07-25 21:43 - 2015-07-25 21:43 - 00000407 _____ C:\Users\tyson\Desktop\CD Drive - Shortcut.lnk
2015-07-25 20:43 - 1997-03-24 16:42 - 00314368 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-25 18:47 - 2015-07-25 18:47 - 00000000 ____D C:\Users\tyson\Documents\Flight Simulator X Files
2015-07-25 18:31 - 2015-07-25 18:31 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-07-25 18:31 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-07-25 18:31 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-25 18:31 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-07-25 18:31 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-07-25 18:31 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-07-25 18:31 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-07-25 18:31 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-07-25 18:31 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-07-25 18:31 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-07-25 18:31 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-07-25 18:31 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-07-25 18:31 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-25 18:31 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-07-25 18:31 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-07-25 18:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-07-25 18:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-07-25 18:31 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-07-25 18:31 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-07-25 18:31 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-07-25 18:31 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-07-25 18:31 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-07-25 18:31 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-07-25 18:08 - 2015-07-25 18:08 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-25 17:58 - 2015-07-25 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-07-25 17:53 - 2015-08-01 05:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 17:53 - 2015-07-25 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-22 15:06 - 2015-07-15 00:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 15:06 - 2015-07-15 00:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 15:06 - 2015-07-15 00:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 15:06 - 2015-07-15 00:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-18 18:55 - 2015-07-18 18:56 - 00000000 ____D C:\Users\tyson\AppData\Local\Undeaddies_bj
2015-07-18 18:55 - 2015-07-18 18:55 - 00000000 ____D C:\Program Files (x86)\Undeaddies_bj
2015-07-15 15:56 - 2015-07-10 05:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 15:56 - 2015-07-10 04:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 15:56 - 2015-07-10 02:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 15:56 - 2015-07-10 01:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 15:56 - 2015-07-10 01:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 15:56 - 2015-07-10 01:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 15:56 - 2015-07-10 01:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 15:56 - 2015-07-10 01:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 15:56 - 2015-07-10 01:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 15:56 - 2015-07-10 01:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 15:56 - 2015-07-10 01:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 15:56 - 2015-07-10 01:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 15:56 - 2015-07-10 01:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 15:56 - 2015-06-27 13:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 15:56 - 2015-06-27 13:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 15:56 - 2015-06-27 12:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 15:55 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 15:55 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 15:55 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 15:55 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 15:55 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 15:55 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 15:55 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 15:55 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 15:55 - 2015-07-02 08:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 15:55 - 2015-07-02 07:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 15:55 - 2015-06-30 08:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 15:55 - 2015-06-30 01:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 15:55 - 2015-06-30 01:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 15:55 - 2015-06-30 01:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 15:55 - 2015-06-30 01:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 15:55 - 2015-06-28 15:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 15:55 - 2015-06-28 15:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 15:55 - 2015-06-28 15:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 15:55 - 2015-06-28 15:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 15:55 - 2015-06-28 02:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 15:55 - 2015-06-27 13:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 15:55 - 2015-06-27 13:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 15:55 - 2015-06-27 13:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 15:55 - 2015-06-27 12:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 15:55 - 2015-06-27 12:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 15:55 - 2015-06-27 12:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 15:55 - 2015-06-27 11:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 15:55 - 2015-06-27 11:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 15:55 - 2015-06-27 09:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 15:55 - 2015-06-27 09:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 15:55 - 2015-06-25 12:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 15:55 - 2015-06-16 08:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 15:55 - 2015-06-16 08:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 15:55 - 2015-06-16 07:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 15:55 - 2015-06-16 07:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 15:55 - 2015-06-16 06:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 15:55 - 2015-06-16 05:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 15:55 - 2015-05-31 07:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 15:55 - 2015-05-31 05:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 15:55 - 2015-05-31 05:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 15:55 - 2015-05-12 04:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 15:55 - 2015-05-08 03:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 15:55 - 2015-05-08 03:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 15:55 - 2015-05-08 02:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 15:55 - 2015-05-08 02:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 15:55 - 2015-05-08 01:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 15:55 - 2015-05-08 01:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 15:55 - 2015-05-04 01:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:55 - 2015-05-04 00:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:55 - 2015-05-04 00:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 15:55 - 2015-05-04 00:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 15:55 - 2015-05-03 10:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 15:55 - 2015-04-30 09:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 15:55 - 2015-04-25 12:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 15:55 - 2014-11-05 05:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 15:55 - 2014-11-05 05:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 15:55 - 2014-11-04 16:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 15:55 - 2014-11-04 16:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 15:55 - 2014-11-04 16:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 15:55 - 2014-11-04 16:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 15:54 - 2015-06-16 08:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 15:54 - 2015-06-16 08:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 15:54 - 2015-06-16 08:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 15:54 - 2015-06-16 08:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 15:54 - 2015-06-16 08:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 15:54 - 2015-06-16 07:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 15:54 - 2015-06-16 07:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 15:54 - 2015-06-16 07:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 15:54 - 2015-06-16 07:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 15:54 - 2015-06-16 07:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 15:54 - 2015-06-16 07:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 15:54 - 2015-06-16 07:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 15:54 - 2015-06-16 07:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 15:54 - 2015-06-16 07:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 15:54 - 2015-06-16 07:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 15:54 - 2015-06-16 07:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 15:54 - 2015-06-16 07:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 15:54 - 2015-06-16 07:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 15:54 - 2015-06-16 07:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 15:54 - 2015-06-16 06:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 15:54 - 2015-06-16 06:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 15:54 - 2015-06-16 06:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 15:54 - 2015-06-16 06:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 15:54 - 2015-06-16 06:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 15:54 - 2015-06-16 06:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 15:54 - 2015-06-16 06:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 15:54 - 2015-06-16 06:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 15:54 - 2015-06-16 06:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 15:54 - 2015-06-16 06:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 15:54 - 2015-06-16 06:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 15:54 - 2015-06-16 06:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 15:54 - 2015-06-16 06:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 15:54 - 2015-06-16 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 15:54 - 2015-06-11 13:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 15:54 - 2015-06-11 02:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 15:54 - 2015-05-12 23:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 15:54 - 2015-04-28 23:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 15:54 - 2015-04-28 23:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 15:53 - 2015-06-16 15:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 15:53 - 2015-06-16 15:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 15:53 - 2015-05-02 09:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-15 15:52 - 2015-05-12 02:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 15:52 - 2015-05-08 02:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 15:52 - 2015-05-04 01:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 15:52 - 2015-05-04 00:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 15:52 - 2015-04-24 01:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 15:52 - 2015-04-24 01:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-13 14:06 - 2015-07-13 14:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-11 12:24 - 2015-07-26 10:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-10 23:39 - 2015-08-02 04:39 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 11:02 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-05 11:01 - 2015-01-31 13:29 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A7B1E5E-C99B-4552-A99D-6E23B999896F}
2015-08-05 10:49 - 2014-07-03 11:20 - 02000227 _____ C:\Windows\WindowsUpdate.log
2015-08-05 10:28 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-05 10:27 - 2015-01-31 12:54 - 00000081 _____ C:\Users\tyson\AppData\Roaming\sp_data.sys
2015-08-04 18:02 - 2015-05-13 19:10 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-08-04 18:02 - 2015-05-13 19:10 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-08-04 18:00 - 2014-03-18 20:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 17:59 - 2015-07-01 20:11 - 00000000 ____D C:\Users\tyson\AppData\Local\CrashDumps
2015-08-03 20:52 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-02 09:03 - 2015-01-31 12:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2629672351-3235976141-394711740-1001
2015-08-02 08:54 - 2015-03-05 07:23 - 00000000 ____D C:\Games
2015-08-02 04:46 - 2014-05-17 06:47 - 00000000 ____D C:\Windows\Panther
2015-08-01 21:23 - 2015-02-01 11:59 - 00000000 ____D C:\Users\tyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-01 21:23 - 2015-02-01 11:53 - 00001378 _____ C:\Users\tyson\Desktop\ROBLOX Studio.lnk
2015-08-01 19:25 - 2015-02-01 11:57 - 00001366 _____ C:\Users\tyson\Desktop\ROBLOX Player.lnk
2015-08-01 05:32 - 2015-01-31 12:59 - 00000000 ___DO C:\Users\tyson\OneDrive
2015-08-01 05:30 - 2013-08-23 00:46 - 00027514 _____ C:\Windows\setupact.log
2015-08-01 05:30 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 05:16 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-31 17:00 - 2015-06-20 05:39 - 00000000 ____D C:\Users\tyson\AppData\Roaming\Auto Mouse Click by MurGee.com
2015-07-29 18:57 - 2013-08-23 01:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-29 18:10 - 2015-02-02 03:39 - 00000000 ____D C:\ProgramData\Norton
2015-07-29 15:37 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-29 15:37 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-28 18:30 - 2015-04-14 11:40 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-26 10:50 - 2015-02-02 03:59 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-26 10:50 - 2015-02-02 03:58 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-26 10:49 - 2015-07-05 11:07 - 00002275 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-07-26 10:48 - 2013-08-23 00:44 - 00346384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-26 10:47 - 2014-03-18 19:54 - 00077620 _____ C:\Windows\PFRO.log
2015-07-26 10:45 - 2015-01-31 12:50 - 00000000 ____D C:\Users\tyson
2015-07-25 20:44 - 2014-07-03 11:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-25 18:31 - 2015-03-05 07:28 - 00104553 _____ C:\Windows\DirectX.log
2015-07-24 20:28 - 2015-01-31 14:06 - 00000000 ____D C:\Users\tyson\AppData\Local\Google
2015-07-22 15:17 - 2015-02-02 03:59 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-22 15:17 - 2015-02-02 03:59 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-21 20:20 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\rescache
2015-07-19 18:29 - 2015-01-31 12:53 - 00000363 _____ C:\Users\tyson\Downloads\RecentPlaces.lnk
2015-07-19 18:23 - 2015-04-14 11:40 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-19 18:23 - 2013-08-23 01:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-19 18:23 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\WinStore
2015-07-19 18:20 - 2015-01-31 12:53 - 00000000 ____D C:\Users\tyson\AppData\Local\VirtualStore
2015-07-15 17:59 - 2015-02-07 06:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 17:59 - 2015-02-07 06:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 17:58 - 2015-01-31 15:03 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 07:10 - 2015-05-16 19:46 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 07:10 - 2015-04-18 19:04 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

==================== Files in the root of some directories =======

2015-01-31 12:54 - 2015-08-05 10:27 - 0000081 _____ () C:\Users\tyson\AppData\Roaming\sp_data.sys
2014-07-03 11:25 - 2014-07-03 11:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-17 06:02 - 2012-09-07 21:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-17 06:02 - 2009-07-22 20:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-17 06:02 - 2012-09-07 21:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-26 20:33

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by tyson (2015-08-05 11:08:31)
Running from C:\Users\tyson\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2629672351-3235976141-394711740-500 - Administrator - Disabled)
Guest (S-1-5-21-2629672351-3235976141-394711740-501 - Limited - Disabled)
tyson (S-1-5-21-2629672351-3235976141-394711740-1001 - Administrator - Enabled) => C:\Users\tyson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{04883BF4-5CC9-AC05-057E-5D77EE738513}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Auto Mouse Click v6.0 (HKLM-x32\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 6.0 - MurGee.com)
Avira Browser Safety (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
CutTuhEPrice (HKLM-x32\...\{A2C98B47-B5F4-94AA-281D-4135416774CF}) (Version:  - )
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
LightningDownloader (HKLM-x32\...\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - LightningDownloader)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for tyson (HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for tyson (HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Spyware Process Detector v3.23.2 (HKLM-x32\...\Spyware Process Detector_is1) (Version: 3.23.2 - System SoftLab)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Undeaddies Internet Explorer Toolbar (HKLM-x32\...\Undeaddies_bjbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
World of Tanks (HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2629672351-3235976141-394711740-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

15-07-2015 16:10:51 Windows Update
19-07-2015 18:20:27 Windows Update
22-07-2015 22:17:06 Windows Update
25-07-2015 17:51:22 Installed Steam
29-07-2015 15:35:52 Windows Update
01-08-2015 05:22:37 Norton_Power_Eraser_20150801052235059

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3CE71C20-A6E8-4A8B-AEFD-692FA4BB41EB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {46673790-328E-4A10-B706-95C246E5F0B4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-12] (ASUS)
Task: {47F8A701-FF75-4F05-B808-0E98138D9032} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {4A2759A6-A15F-48A7-B1C7-68CF61B446F7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {4EC1E502-C010-4DEB-8395-1A05B7A834DD} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5568B230-B24C-4E52-8B8A-1E4C598E88CB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-15] (ASUSTek Computer Inc.)
Task: {64037C97-642E-44D8-89EB-82DF8AB62B98} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {6E3D3BE7-3EA0-492D-B92C-E5FC69FAEDB3} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-03] (ASUS)
Task: {6FBC2244-6DBF-44D9-83EC-B0B09EBFDCF7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {751661A8-72EA-44B7-B220-14E0AF4E951D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {9FEF29F6-4A8B-495F-B7BE-06E3D566D93D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A5B45C23-30CD-4092-92AF-6950A52DA6EB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {BD44C765-CD13-4FA5-B102-E5B40C239927} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-04-01] (AsusTek)
Task: {F021648C-B76A-485C-8690-A434AE109381} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-12] ()
Task: {F0C4D9FA-E463-4B96-A74C-D21492E76199} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {FD369C32-90E7-485E-BA6E-338A21CB2959} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-28] (ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-02-12 10:08 - 2014-02-12 10:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-24 20:59 - 2014-02-24 20:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2014-04-03 07:46 - 2014-04-03 07:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-03 07:46 - 2014-04-03 07:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-03 07:46 - 2014-04-03 07:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-03 07:46 - 2014-04-03 07:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tyson\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tyson\AppData\Local\Microsoft\Windows\INetCache\IE\V65DE3IL\IMG_0042[1].JPG
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{51D12F63-EB9D-465D-8D70-EF1DE5F3A30A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B7385461-FAE8-4ED3-B46E-97B2398AFFB5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6AFB8AF8-ADCD-43D1-9F7B-8D415F96F79A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{673B9328-1A5A-411A-B99F-9BFD8A6AD859}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2015 05:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x858
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (07/31/2015 04:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RobloxPlayerBeta.exe version 0.206.0.62132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2664

Start Time: 01d0cb5563cfe537

Termination Time: 513

Application Path: C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\RobloxPlayerBeta.exe

Report Id: 921fc051-374f-11e5-826f-7824af23aa57

Faulting package full name:

Faulting package-relative application ID:

Error: (07/31/2015 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: jscript9.dll, version: 11.0.9600.17923, time stamp: 0x559457fb
Exception code: 0xc0000005
Fault offset: 0x00013c31
Faulting process id: 0x29d8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/30/2015 05:48:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/27/2015 08:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000005
Fault offset: 0x00016fbb
Faulting process id: 0xa54
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

Error: (07/27/2015 08:35:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: atiumdag.dll, version: 9.14.10.984, time stamp: 0x52124dd6
Exception code: 0xc0000005
Fault offset: 0x00037ece
Faulting process id: 0x1bd4
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

Error: (07/27/2015 04:52:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/27/2015 12:28:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: ai_player.dll, version: 10.0.60905.0, time stamp: 0x44fd0f32
Exception code: 0xc0000005
Fault offset: 0x00031319
Faulting process id: 0xb88
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

Error: (07/27/2015 12:07:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: atiumdag.dll, version: 9.14.10.984, time stamp: 0x52124dd6
Exception code: 0xc000041d
Fault offset: 0x00037eaa
Faulting process id: 0xb34
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

Error: (07/27/2015 12:07:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: atiumdag.dll, version: 9.14.10.984, time stamp: 0x52124dd6
Exception code: 0xc0000005
Fault offset: 0x00037eaa
Faulting process id: 0xb34
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

System errors:
=============
Error: (08/05/2015 10:39:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/05/2015 10:28:17 AM) (Source: DCOM) (EventID: 10010) (User: 2-GOOD-4-YOU)
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (08/04/2015 08:08:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 08:08:44 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 07:34:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 07:34:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 07:34:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 07:34:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 07:34:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 07:34:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office:
=========================
Error: (08/04/2015 05:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e85801d0ce8b8419751cC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllc2860266-3a7e-11e5-8272-7824af23aa57

Error: (07/31/2015 04:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RobloxPlayerBeta.exe0.206.0.62132266401d0cb5563cfe537513C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\RobloxPlayerBeta.exe921fc051-374f-11e5-826f-7824af23aa57

Error: (07/31/2015 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbjscript9.dll11.0.9600.17923559457fbc000000500013c3129d801d0cb576388f464C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\jscript9.dllbc9f83c0-374a-11e5-826f-7824af23aa57

Error: (07/30/2015 05:48:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/27/2015 08:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92KERNEL32.DLL6.3.9600.17415545049bec000000500016fbba5401d0c8581c2b041fC:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Windows\SYSTEM32\KERNEL32.DLL21c4fa4d-344c-11e5-826e-7824af23aa57

Error: (07/27/2015 08:35:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92atiumdag.dll9.14.10.98452124dd6c000000500037ece1bd401d0c857b09e8152C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Windows\SYSTEM32\atiumdag.dll3c27f56a-344b-11e5-826e-7824af23aa57

Error: (07/27/2015 04:52:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/27/2015 12:28:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92ai_player.dll10.0.60905.044fd0f32c000000500031319b8801d0c7ac72416ca0C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\ai_player.dll96048977-33a2-11e5-826e-7824af23aa57

Error: (07/27/2015 12:07:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92atiumdag.dll9.14.10.98452124dd6c000041d00037eaab3401d0c7ac3569f497C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Windows\SYSTEM32\atiumdag.dllac73b80c-339f-11e5-826e-7824af23aa57

Error: (07/27/2015 12:07:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92atiumdag.dll9.14.10.98452124dd6c000000500037eaab3401d0c7ac3569f497C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Windows\SYSTEM32\atiumdag.dllaa3524fb-339f-11e5-826e-7824af23aa57

==================== Memory info ===========================

Processor: AMD A8-5550M APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 7378.4 MB
Available physical RAM: 4630.14 MB
Total Virtual: 16594.4 MB
Available Virtual: 10328.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:199.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: FA5FB210)

Partition: GPT Partition Type.

==================== End of log ============================




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First
Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome via control panel.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Next step remove programs

Please remove these programs from your Programs and Features list: Start > Control Panel > Programs and Features. In the list find the program listed below and uninstall it.
  • Avira Browser Safety
  • bestadblocke
  • CutTuhEPrice
  • Undeaddies Internet Explorer Toolbar
If a program will not remove, skip it and keep following instructions please.

Next run fix with FRST

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files (x86)\Undeaddies_bj
    HKLM-x32\...\Run: [gmsd_au_75] => [X]
    HKLM-x32\...\Run: [Undeaddies EPM Support] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjmedint.exe [12824 2015-07-18] (Mindspark)
    HKLM-x32\...\Run: [Undeaddies AppIntegrator 32-bit] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator.exe [230424 2015-07-18] (Mindspark)
    HKLM-x32\...\Run: [Undeaddies AppIntegrator 64-bit] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator64.exe [265752 2015-07-18] (Mindspark)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=AU&unqvl=90
    HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=au&unqvl=90
    URLSearchHook: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 - (No Name) - {2b6d0223-234f-4ebd-95b5-3d05cfa291ad} - C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjSrcAs.dll (Mindspark)
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
    SearchScopes: HKLM-x32 -> {d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} URL = http://int.search.tb...or={searchTerms}
    SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
    SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} URL = http://int.search.tb...or={searchTerms}
    BHO: No Name -> {20C8A4E4-B07E-49E5-AFEE-7533695314C8} ->  No File
    BHO: No Name -> {E0461D6A-385A-4CA3-B9D8-2383DF2591C4} ->  No File
    BHO-x32: Search Assistant BHO -> {3d0740b0-2c6f-4414-bc4f-3b778104253a} -> C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjSrcAs.dll [2015-07-18] (Mindspark)
    BHO-x32: Toolbar BHO -> {56720efe-4ccf-4d00-947d-da33e8a7d3cf} -> C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbar.dll [2015-07-18] (Mindspark)
    Toolbar: HKLM-x32 - Undeaddies - {f017cbdf-9abf-40ec-b851-17baef0cfb36} - C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbar.dll [2015-07-18] (Mindspark)
    R2 Undeaddies_bjService; C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbarsvc.exe [90648 2015-07-18] (Mindspark)
    S2 0313861422811714mcinstcleanup; C:\Users\tyson\AppData\Local\Temp\031386~1.EXE -cleanup -nolog [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
    S1 pfnfd_1_10_0_8; system32\drivers\pfnfd_1_10_0_8.sys [X]
    2015-07-29 18:09 - 2015-07-29 18:09 - 00000000 ____D C:\Users\tyson\AppData\Roaming\LightningDownloader
    2015-07-29 18:08 - 2015-07-30 18:56 - 00002075 _____ C:\Users\Public\Desktop\LightningDownloader.lnk
    2015-07-29 18:08 - 2015-07-30 18:56 - 00000000 ____D C:\Program Files (x86)\LightningDownloader
    2015-07-29 18:05 - 2015-08-03 18:11 - 00000000 ____D C:\Program Files (x86)\Avira Browser Safety
    2015-07-29 18:04 - 2015-07-30 20:07 - 00000000 ____D C:\Program Files (x86)\CuitThePrice
    2015-07-29 18:04 - 2015-07-30 18:55 - 00000000 ____D C:\ProgramData\2824990498962711343
    2015-08-05 10:27 - 2015-01-31 12:54 - 00000081 _____ C:\Users\tyson\AppData\Roaming\sp_data.sys
    C:\ProgramData\SetStretch.VBS
    Task: {4EC1E502-C010-4DEB-8395-1A05B7A834DD} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    C:\Program Files (x86)\AnyProtectEx
    Task: {9FEF29F6-4A8B-495F-B7BE-06E3D566D93D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {A5B45C23-30CD-4092-92AF-6950A52DA6EB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    AlternateDataStreams: C:\Users\tyson\OneDrive:ms-properties
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

Next Scan for adware and "Clean"
  • Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next Scan for additional adware.

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

Thanks
Joe :)



#3
wiggy01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi I have signed into my google sync and have scrolled down the page, there was no stop and clear option?



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
I'd continue with step 4 then in the Chrome "uninstall" instructions and remove it via the control panel. Then follow the rest of my instructions.

Thanks
Joe

#5
wiggy01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thanks Joe, I wasn't too sure if it would make a difference or not. I have done step 4 but it appears Google Chrome wasn't installed on my computer because it was not in the programs list to add/remove from the control panel. The only thing I had was Google Toolbar. I'm going to keep going and start reinstalling Google Chrome now.



#6
wiggy01

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Joe, I have completed all the tasks and I will post the logs below. One more thing: while removing the programs from control panel I noticed there was a program called Spyware Process Detector v3.23.2 on there and after restarting the computer it automatically comes up. I tried to remove this program from the control panel but it came up with an error telling me that I could not remove it. Is this program harmful and how do I get rid of it?

Thank you for all of your help so far and sorry for adding something into the mix so late!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by tyson (2015-08-06 09:20:19) Run:1
Running from C:\Users\tyson\Desktop
Loaded Profiles: tyson (Available Profiles: tyson)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Undeaddies_bj
HKLM-x32\...\Run: [gmsd_au_75] => [X]
HKLM-x32\...\Run: [Undeaddies EPM Support] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjmedint.exe [12824 2015-07-18] (Mindspark)
HKLM-x32\...\Run: [Undeaddies AppIntegrator 32-bit] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator.exe [230424 2015-07-18] (Mindspark)
HKLM-x32\...\Run: [Undeaddies AppIntegrator 64-bit] => C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\AppIntegrator64.exe [265752 2015-07-18] (Mindspark)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=AU&unqvl=90
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=au&unqvl=90
URLSearchHook: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 - (No Name) - {2b6d0223-234f-4ebd-95b5-3d05cfa291ad} - C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
SearchScopes: HKLM-x32 -> {d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} URL = http://int.search.tb...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=AU&unqvl=90
SearchScopes: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> {d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} URL = http://int.search.tb...or={searchTerms}
BHO: No Name -> {20C8A4E4-B07E-49E5-AFEE-7533695314C8} ->  No File
BHO: No Name -> {E0461D6A-385A-4CA3-B9D8-2383DF2591C4} ->  No File
BHO-x32: Search Assistant BHO -> {3d0740b0-2c6f-4414-bc4f-3b778104253a} -> C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjSrcAs.dll [2015-07-18] (Mindspark)
BHO-x32: Toolbar BHO -> {56720efe-4ccf-4d00-947d-da33e8a7d3cf} -> C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbar.dll [2015-07-18] (Mindspark)
Toolbar: HKLM-x32 - Undeaddies - {f017cbdf-9abf-40ec-b851-17baef0cfb36} - C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbar.dll [2015-07-18] (Mindspark)
R2 Undeaddies_bjService; C:\Program Files (x86)\Undeaddies_bj\bar\1.bin\bjbarsvc.exe [90648 2015-07-18] (Mindspark)
S2 0313861422811714mcinstcleanup; C:\Users\tyson\AppData\Local\Temp\031386~1.EXE -cleanup -nolog [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S1 pfnfd_1_10_0_8; system32\drivers\pfnfd_1_10_0_8.sys [X]
2015-07-29 18:09 - 2015-07-29 18:09 - 00000000 ____D C:\Users\tyson\AppData\Roaming\LightningDownloader
2015-07-29 18:08 - 2015-07-30 18:56 - 00002075 _____ C:\Users\Public\Desktop\LightningDownloader.lnk
2015-07-29 18:08 - 2015-07-30 18:56 - 00000000 ____D C:\Program Files (x86)\LightningDownloader
2015-07-29 18:05 - 2015-08-03 18:11 - 00000000 ____D C:\Program Files (x86)\Avira Browser Safety
2015-07-29 18:04 - 2015-07-30 20:07 - 00000000 ____D C:\Program Files (x86)\CuitThePrice
2015-07-29 18:04 - 2015-07-30 18:55 - 00000000 ____D C:\ProgramData\2824990498962711343
2015-08-05 10:27 - 2015-01-31 12:54 - 00000081 _____ C:\Users\tyson\AppData\Roaming\sp_data.sys
C:\ProgramData\SetStretch.VBS
Task: {4EC1E502-C010-4DEB-8395-1A05B7A834DD} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx
Task: {9FEF29F6-4A8B-495F-B7BE-06E3D566D93D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A5B45C23-30CD-4092-92AF-6950A52DA6EB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\Users\tyson\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files (x86)\Undeaddies_bj => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_au_75 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Undeaddies EPM Support => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Undeaddies AppIntegrator 32-bit => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Undeaddies AppIntegrator 64-bit => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2b6d0223-234f-4ebd-95b5-3d05cfa291ad} => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} => key not found.
"HKU\S-1-5-21-2629672351-3235976141-394711740-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKU\S-1-5-21-2629672351-3235976141-394711740-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7}" => key removed successfully
HKCR\CLSID\{d0287e19-d8e7-4ed6-9afc-0ad2b565d7b7} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C8A4E4-B07E-49E5-AFEE-7533695314C8}" => key removed successfully
HKCR\CLSID\{20C8A4E4-B07E-49E5-AFEE-7533695314C8} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0461D6A-385A-4CA3-B9D8-2383DF2591C4}" => key removed successfully
HKCR\CLSID\{E0461D6A-385A-4CA3-B9D8-2383DF2591C4} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d0740b0-2c6f-4414-bc4f-3b778104253a} => key not found.
HKCR\Wow6432Node\CLSID\{3d0740b0-2c6f-4414-bc4f-3b778104253a} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56720efe-4ccf-4d00-947d-da33e8a7d3cf} => key not found.
HKCR\Wow6432Node\CLSID\{56720efe-4ccf-4d00-947d-da33e8a7d3cf} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{f017cbdf-9abf-40ec-b851-17baef0cfb36} => value not found.
HKCR\Wow6432Node\CLSID\{f017cbdf-9abf-40ec-b851-17baef0cfb36} => key not found.
Undeaddies_bjService => service not found.
0313861422811714mcinstcleanup => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
LavasoftTcpService => service removed successfully
pfnfd_1_10_0_8 => service removed successfully
C:\Users\tyson\AppData\Roaming\LightningDownloader => moved successfully.
C:\Users\Public\Desktop\LightningDownloader.lnk => moved successfully.
C:\Program Files (x86)\LightningDownloader => moved successfully.
C:\Program Files (x86)\Avira Browser Safety => moved successfully.
C:\Program Files (x86)\CuitThePrice => moved successfully.
C:\ProgramData\2824990498962711343 => moved successfully.
C:\Users\tyson\AppData\Roaming\sp_data.sys => moved successfully.
C:\ProgramData\SetStretch.VBS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EC1E502-C010-4DEB-8395-1A05B7A834DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EC1E502-C010-4DEB-8395-1A05B7A834DD}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"C:\Program Files (x86)\AnyProtectEx" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FEF29F6-4A8B-495F-B7BE-06E3D566D93D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FEF29F6-4A8B-495F-B7BE-06E3D566D93D}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B45C23-30CD-4092-92AF-6950A52DA6EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B45C23-30CD-4092-92AF-6950A52DA6EB}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
C:\Windows\Tasks\APSnotifierPP1.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => moved successfully.
C:\Users\tyson\OneDrive => ":ms-properties" ADS removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 423.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 09:21:12 ====

 

 

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 09:34:18
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : tyson - 2-GOOD-4-YOU
# Running from : C:\Users\tyson\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\a5ab6318000057eb
Folder Deleted : C:\ProgramData\{7b07e0dc-3ac8-85e3-7b07-7e0dc3ac8370}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\PhraseFinder_1.10.0.8
Folder Deleted : C:\Users\tyson\AppData\Local\globalUpdate
Folder Deleted : C:\Users\tyson\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\tyson\AppData\Roaming\omiga-plus
Folder Deleted : C:\Users\tyson\AppData\Roaming\OpenCandy
File Deleted : C:\Program Files (x86)\bjres.dll
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Windows\SysWOW64\OptimizerMonitor.ini
File Deleted : C:\Windows\SysWOW64\OptimizerMonitorOff.ini
File Deleted : C:\Windows\System32\OptimizerMonitorOff.ini
File Deleted : C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\eaa5af21-0b81-d8fd-2301-804f6e1aeec8
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BAB45F-0A8A-48B5-8C46-F2A8C7EEFAEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{94D4476C-892A-4FF2-AE91-1A5FB2D2F126}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\PhraseFinder_1.10.0.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\polarbytes-auto-clicker.en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\undeaddies.dl.tb.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v44.0.2403.130

*************************

AdwCleaner[R0].txt - [4863 bytes] - [06/08/2015 09:32:13]
AdwCleaner[S0].txt - [4464 bytes] - [06/08/2015 09:34:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4523  bytes] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 8.1 x64
Ran by tyson on Thu 06/08/2015 at  9:44:31.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Users\tyson\AppData\Roaming\sp_data.sys

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\tyson\AppData\Roaming\lavasoft\web companion
Successfully deleted: [Folder] C:\Windows\SysWOW64\amd64
Successfully deleted: [Folder] C:\Windows\SysWOW64\x86

 

~~~ Chrome

[C:\Users\tyson\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\tyson\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\tyson\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\tyson\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/08/2015 at  9:47:28.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7
zep516

Spyware Process Detector v3.23.2

We can get to that. We have a ways to go yet.

Is outbound traffic still being detected?


Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log:
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.


#8
wiggy01


I'm just scanning with the Malwarebytes Anti-Malware now. No, I haven't had the outbound traffic detected come up again after the last lot of scans, but I did have to disable my antivirus firmware. I have turned it back on to see if it will pop up.



#9
zep516

OK,

Please post the Malwarebytes log when finished.

This will be the next set of instructions for you "after Malwarebytes has finished and you have posted the log"

Next
See if you can remove Spyware Process Detector with Revo Uninstaller.

To do that

Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Let me know the outcome.

Next
  • Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Right click and run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.





#10
wiggy01


These are the results from the scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/08/2015
Scan Time: 12:46 PM
Logfile: Malwarebytesscan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.05.07
Rootkit Database: v2015.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: tyson

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347112
Time Elapsed: 10 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{372ab9f0}, Quarantined, [5fdcc4411279300624a5584930d43ac6],
PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV30.01-nv-ie, Quarantined, [89b24eb7c1ca2e08d46b66d433d0f907],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [c576976e414aab8b8ea2920c7a8af010],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2629672351-3235976141-394711740-1001\SOFTWARE\CinemaP-1.9cV30.01-nv-ie, Quarantined, [a29938cd286356e0132c7fbb2cd72ed2],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)




#11
zep516

Very good, just some leftovers. Try the next instructions I posted in post #9...

#12
wiggy01


Whoops, sorry, I must have accidentally skimmed over that one. I have just run that one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by tyson (administrator) on 2-GOOD-4-YOU (06-08-2015 13:16:54)
Running from C:\Users\tyson\Desktop
Loaded Profiles: tyson (Available Profiles: tyson)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\Run: [spdetector3] => C:\Program Files (x86)\Spyware Process Detector\spd323.exe [435200 2013-03-08] (System  SoftLab)
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1610664 2015-07-30] (Valve Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2629672351-3235976141-394711740-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{883DAA76-D97C-4CD0-B6B8-54FF95E2B738}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{BEA8E17A-26AB-413F-AF3D-47927D2BC284}: [DhcpNameServer] 127.0.0.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-2629672351-3235976141-394711740-1001: @nsroblox.roblox.com/launcher -> C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2629672351-3235976141-394711740-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-06]

Chrome:
=======
CHR Profile: C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-06]
CHR Extension: (Google Search) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Google Sheets) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Norton Identity Safe) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-04-01] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150805.001\IDSvia64.sys [692984 2015-07-10] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150805.002\ENG64.SYS [138488 2015-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150805.002\EX64.SYS [2146040 2015-07-10] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 13:01 - 2015-08-06 13:01 - 00001650 _____ C:\Users\tyson\Desktop\Malwarebytesscan.txt
2015-08-06 12:42 - 2015-08-06 12:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 12:42 - 2015-08-06 12:42 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-06 12:42 - 2015-08-06 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 12:42 - 2015-08-06 12:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-06 12:42 - 2015-08-06 12:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-06 12:42 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-06 12:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-06 12:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-06 12:39 - 2015-08-06 12:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\tyson\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-06 09:47 - 2015-08-06 09:47 - 00001485 _____ C:\Users\tyson\Desktop\JRT.txt
2015-08-06 09:41 - 2015-08-06 09:41 - 01797896 _____ (Malwarebytes Corporation) C:\Users\tyson\Desktop\JRT.exe
2015-08-06 09:32 - 2015-08-06 09:34 - 00000000 ____D C:\AdwCleaner
2015-08-06 09:31 - 2015-08-06 09:31 - 02248704 _____ C:\Users\tyson\Desktop\adwcleaner_4.208.exe
2015-08-06 08:48 - 2015-08-06 08:48 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-06 08:48 - 2015-08-06 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 08:46 - 2015-08-06 12:51 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 08:46 - 2015-08-06 09:36 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 08:46 - 2015-08-06 08:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-06 08:46 - 2015-08-06 08:46 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 11:08 - 2015-08-05 11:09 - 00026093 _____ C:\Users\tyson\Desktop\Addition.txt
2015-08-05 11:07 - 2015-08-06 13:16 - 00017149 _____ C:\Users\tyson\Desktop\FRST.txt
2015-08-05 11:07 - 2015-08-06 13:16 - 00000000 ____D C:\FRST
2015-08-05 11:04 - 2015-08-05 11:04 - 02169856 _____ (Farbar) C:\Users\tyson\Desktop\FRST64.exe
2015-08-01 22:24 - 2015-08-01 22:24 - 00008006 _____ C:\Users\tyson\Desktop\wohwoh.rbxl
2015-08-01 21:30 - 2015-08-01 21:30 - 00009688 _____ C:\Users\tyson\Desktop\Place1.rbxl
2015-08-01 05:18 - 2015-08-01 05:18 - 00000000 ____D C:\NPE
2015-07-29 18:09 - 2015-08-05 10:39 - 00000000 ____D C:\Users\tyson\AppData\Local\NPE
2015-07-28 18:35 - 2015-07-25 23:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-26 10:56 - 2015-07-26 10:56 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-26 10:40 - 2015-07-26 10:40 - 00000000 ____D C:\Users\tyson\AppData\Roaming\ATI
2015-07-26 10:40 - 2015-07-26 10:40 - 00000000 ____D C:\Users\tyson\AppData\Local\ATI
2015-07-26 10:40 - 2015-07-26 10:40 - 00000000 ____D C:\ProgramData\ATI
2015-07-25 21:43 - 2015-07-25 21:43 - 00000407 _____ C:\Users\tyson\Desktop\CD Drive - Shortcut.lnk
2015-07-25 20:43 - 1997-03-24 16:42 - 00314368 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-25 18:47 - 2015-07-25 18:47 - 00000000 ____D C:\Users\tyson\Documents\Flight Simulator X Files
2015-07-25 18:31 - 2015-07-25 18:31 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-07-25 18:31 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-07-25 18:31 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-25 18:31 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-07-25 18:31 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-07-25 18:31 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-07-25 18:31 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-07-25 18:31 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-07-25 18:31 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-07-25 18:31 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-07-25 18:31 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-07-25 18:31 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-07-25 18:31 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-25 18:31 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-07-25 18:31 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-07-25 18:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-07-25 18:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-07-25 18:31 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-07-25 18:31 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-07-25 18:31 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-07-25 18:31 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-07-25 18:31 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-07-25 18:31 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-07-25 18:08 - 2015-07-25 18:08 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-25 17:58 - 2015-07-25 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-07-25 17:53 - 2015-08-06 09:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 17:53 - 2015-07-25 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-22 15:06 - 2015-07-15 00:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 15:06 - 2015-07-15 00:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 15:06 - 2015-07-15 00:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 15:06 - 2015-07-15 00:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 15:56 - 2015-07-10 05:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 15:56 - 2015-07-10 04:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 15:56 - 2015-07-10 02:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 15:56 - 2015-07-10 01:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 15:56 - 2015-07-10 01:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 15:56 - 2015-07-10 01:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 15:56 - 2015-07-10 01:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 15:56 - 2015-07-10 01:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 15:56 - 2015-07-10 01:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 15:56 - 2015-07-10 01:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 15:56 - 2015-07-10 01:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 15:56 - 2015-07-10 01:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 15:56 - 2015-07-10 01:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 15:56 - 2015-06-27 13:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 15:56 - 2015-06-27 13:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 15:56 - 2015-06-27 12:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 15:55 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 15:55 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 15:55 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 15:55 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 15:55 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 15:55 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 15:55 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 15:55 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 15:55 - 2015-07-02 08:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 15:55 - 2015-07-02 07:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 15:55 - 2015-06-30 08:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 15:55 - 2015-06-30 01:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 15:55 - 2015-06-30 01:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 15:55 - 2015-06-30 01:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 15:55 - 2015-06-30 01:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 15:55 - 2015-06-28 15:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 15:55 - 2015-06-28 15:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 15:55 - 2015-06-28 15:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 15:55 - 2015-06-28 15:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 15:55 - 2015-06-28 02:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 15:55 - 2015-06-27 13:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 15:55 - 2015-06-27 13:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 15:55 - 2015-06-27 13:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 15:55 - 2015-06-27 12:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 15:55 - 2015-06-27 12:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 15:55 - 2015-06-27 12:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 15:55 - 2015-06-27 11:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 15:55 - 2015-06-27 11:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 15:55 - 2015-06-27 09:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 15:55 - 2015-06-27 09:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 15:55 - 2015-06-25 12:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 15:55 - 2015-06-16 08:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 15:55 - 2015-06-16 08:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 15:55 - 2015-06-16 07:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 15:55 - 2015-06-16 07:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 15:55 - 2015-06-16 06:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 15:55 - 2015-06-16 05:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 15:55 - 2015-05-31 07:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 15:55 - 2015-05-31 05:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 15:55 - 2015-05-31 05:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 15:55 - 2015-05-12 04:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 15:55 - 2015-05-08 03:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 15:55 - 2015-05-08 03:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 15:55 - 2015-05-08 02:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 15:55 - 2015-05-08 02:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 15:55 - 2015-05-08 01:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 15:55 - 2015-05-08 01:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 15:55 - 2015-05-04 01:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:55 - 2015-05-04 00:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:55 - 2015-05-04 00:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 15:55 - 2015-05-04 00:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 15:55 - 2015-05-03 10:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 15:55 - 2015-04-30 09:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 15:55 - 2015-04-25 12:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 15:55 - 2014-11-05 05:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 15:55 - 2014-11-05 05:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 15:55 - 2014-11-04 16:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 15:55 - 2014-11-04 16:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 15:55 - 2014-11-04 16:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 15:55 - 2014-11-04 16:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 15:54 - 2015-06-16 08:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 15:54 - 2015-06-16 08:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 15:54 - 2015-06-16 08:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 15:54 - 2015-06-16 08:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 15:54 - 2015-06-16 08:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 15:54 - 2015-06-16 07:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 15:54 - 2015-06-16 07:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 15:54 - 2015-06-16 07:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 15:54 - 2015-06-16 07:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 15:54 - 2015-06-16 07:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 15:54 - 2015-06-16 07:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 15:54 - 2015-06-16 07:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 15:54 - 2015-06-16 07:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 15:54 - 2015-06-16 07:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 15:54 - 2015-06-16 07:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 15:54 - 2015-06-16 07:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 15:54 - 2015-06-16 07:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 15:54 - 2015-06-16 07:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 15:54 - 2015-06-16 07:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 15:54 - 2015-06-16 06:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 15:54 - 2015-06-16 06:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 15:54 - 2015-06-16 06:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 15:54 - 2015-06-16 06:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 15:54 - 2015-06-16 06:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 15:54 - 2015-06-16 06:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 15:54 - 2015-06-16 06:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 15:54 - 2015-06-16 06:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 15:54 - 2015-06-16 06:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 15:54 - 2015-06-16 06:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 15:54 - 2015-06-16 06:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 15:54 - 2015-06-16 06:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 15:54 - 2015-06-16 06:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 15:54 - 2015-06-16 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 15:54 - 2015-06-11 13:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 15:54 - 2015-06-11 02:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 15:54 - 2015-05-12 23:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 15:54 - 2015-04-28 23:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 15:54 - 2015-04-28 23:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 15:53 - 2015-06-16 15:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 15:53 - 2015-06-16 15:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 15:53 - 2015-05-02 09:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-15 15:52 - 2015-05-12 02:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 15:52 - 2015-05-08 02:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 15:52 - 2015-05-04 01:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 15:52 - 2015-05-04 00:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 15:52 - 2015-04-24 01:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 15:52 - 2015-04-24 01:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-13 14:06 - 2015-07-13 14:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-11 12:24 - 2015-07-26 10:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-10 23:39 - 2015-08-02 04:39 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 13:12 - 2015-01-31 12:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2629672351-3235976141-394711740-1001
2015-08-06 13:11 - 2015-01-31 13:29 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A7B1E5E-C99B-4552-A99D-6E23B999896F}
2015-08-06 13:00 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-06 12:47 - 2014-07-03 11:20 - 01300610 _____ C:\Windows\WindowsUpdate.log
2015-08-06 12:40 - 2015-05-13 19:10 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-08-06 12:40 - 2015-05-13 19:10 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-08-06 09:45 - 2015-06-16 19:35 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-08-06 09:45 - 2015-06-16 19:28 - 00000000 ____D C:\Users\tyson\AppData\Roaming\Lavasoft
2015-08-06 09:45 - 2015-06-16 19:28 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-06 09:40 - 2014-03-18 20:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-06 09:37 - 2015-01-31 12:59 - 00000000 ___DO C:\Users\tyson\OneDrive
2015-08-06 09:36 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 09:35 - 2014-03-18 19:54 - 00092494 _____ C:\Windows\PFRO.log
2015-08-06 09:35 - 2013-08-23 00:46 - 00027862 _____ C:\Windows\setupact.log
2015-08-06 09:22 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-06 08:58 - 2015-07-01 20:11 - 00000000 ____D C:\Users\tyson\AppData\Local\CrashDumps
2015-08-06 08:54 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-06 08:49 - 2015-01-31 12:53 - 00000000 ____D C:\Users\tyson\AppData\Local\Packages
2015-08-06 08:48 - 2015-01-31 14:06 - 00000000 ____D C:\Users\tyson\AppData\Local\Google
2015-08-06 08:48 - 2015-01-31 14:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-06 08:38 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-06 08:37 - 2015-01-31 14:06 - 00000000 ____D C:\Program Files\Google
2015-08-05 10:28 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-02 08:54 - 2015-03-05 07:23 - 00000000 ____D C:\Games
2015-08-02 04:46 - 2014-05-17 06:47 - 00000000 ____D C:\Windows\Panther
2015-08-01 21:23 - 2015-02-01 11:59 - 00000000 ____D C:\Users\tyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-01 21:23 - 2015-02-01 11:53 - 00001378 _____ C:\Users\tyson\Desktop\ROBLOX Studio.lnk
2015-08-01 19:25 - 2015-02-01 11:57 - 00001366 _____ C:\Users\tyson\Desktop\ROBLOX Player.lnk
2015-07-31 17:00 - 2015-06-20 05:39 - 00000000 ____D C:\Users\tyson\AppData\Roaming\Auto Mouse Click by MurGee.com
2015-07-29 18:57 - 2013-08-23 01:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-29 18:10 - 2015-02-02 03:39 - 00000000 ____D C:\ProgramData\Norton
2015-07-29 15:37 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-28 18:30 - 2015-04-14 11:40 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-26 10:50 - 2015-02-02 03:59 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-26 10:50 - 2015-02-02 03:58 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-26 10:49 - 2015-07-05 11:07 - 00002275 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-07-26 10:48 - 2013-08-23 00:44 - 00346384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-26 10:45 - 2015-01-31 12:50 - 00000000 ____D C:\Users\tyson
2015-07-25 20:44 - 2014-07-03 11:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-25 18:31 - 2015-03-05 07:28 - 00104553 _____ C:\Windows\DirectX.log
2015-07-22 15:17 - 2015-02-02 03:59 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-22 15:17 - 2015-02-02 03:59 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-21 20:20 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\rescache
2015-07-19 18:29 - 2015-01-31 12:53 - 00000363 _____ C:\Users\tyson\Downloads\RecentPlaces.lnk
2015-07-19 18:23 - 2015-04-14 11:40 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-19 18:23 - 2013-08-23 01:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-19 18:23 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\WinStore
2015-07-19 18:20 - 2015-01-31 12:53 - 00000000 ____D C:\Users\tyson\AppData\Local\VirtualStore
2015-07-15 17:59 - 2015-02-07 06:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 17:59 - 2015-02-07 06:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 17:58 - 2015-01-31 15:03 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 07:10 - 2015-05-16 19:46 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 07:10 - 2015-04-18 19:04 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

==================== Files in the root of some directories =======

2014-07-03 11:25 - 2014-07-03 11:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-17 06:02 - 2012-09-07 21:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-17 06:02 - 2009-07-22 20:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\tyson\AppData\Local\Temp\Quarantine.exe
C:\Users\tyson\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-06 09:02

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by tyson (2015-08-06 13:17:29)
Running from C:\Users\tyson\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2629672351-3235976141-394711740-500 - Administrator - Disabled)
Guest (S-1-5-21-2629672351-3235976141-394711740-501 - Limited - Disabled)
tyson (S-1-5-21-2629672351-3235976141-394711740-1001 - Administrator - Enabled) => C:\Users\tyson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{04883BF4-5CC9-AC05-057E-5D77EE738513}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Auto Mouse Click v6.0 (HKLM-x32\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 6.0 - MurGee.com)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for tyson (HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for tyson (HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Spyware Process Detector v3.23.2 (HKLM-x32\...\Spyware Process Detector_is1) (Version: 3.23.2 - System SoftLab)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
World of Tanks (HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2629672351-3235976141-394711740-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

19-07-2015 18:20:27 Windows Update
22-07-2015 22:17:06 Windows Update
25-07-2015 17:51:22 Installed Steam
29-07-2015 15:35:52 Windows Update
01-08-2015 05:22:37 Norton_Power_Eraser_20150801052235059
06-08-2015 09:20:23 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2015-08-06 09:20 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D2C7007-2BB4-4CF2-AF01-D34A1D81916A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {38974D42-AECC-4403-8506-7A0C5293AAF7} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {3CE71C20-A6E8-4A8B-AEFD-692FA4BB41EB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {46673790-328E-4A10-B706-95C246E5F0B4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-12] (ASUS)
Task: {5568B230-B24C-4E52-8B8A-1E4C598E88CB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-15] (ASUSTek Computer Inc.)
Task: {64037C97-642E-44D8-89EB-82DF8AB62B98} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {6E3D3BE7-3EA0-492D-B92C-E5FC69FAEDB3} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-03] (ASUS)
Task: {6FBC2244-6DBF-44D9-83EC-B0B09EBFDCF7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {B90751CA-0ACF-465F-8FD6-4548F354A479} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {BD44C765-CD13-4FA5-B102-E5B40C239927} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-04-01] (AsusTek)
Task: {C2ED9A0B-78E8-4277-8A4A-2CF439C76220} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {D26E5868-9919-41FE-94E0-3E63FB85AC72} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {F021648C-B76A-485C-8690-A434AE109381} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-12] ()
Task: {F0C4D9FA-E463-4B96-A74C-D21492E76199} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {FD369C32-90E7-485E-BA6E-338A21CB2959} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-28] (ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tyson\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2629672351-3235976141-394711740-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tyson\AppData\Local\Microsoft\Windows\INetCache\IE\V65DE3IL\IMG_0042[1].JPG
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{51D12F63-EB9D-465D-8D70-EF1DE5F3A30A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B7385461-FAE8-4ED3-B46E-97B2398AFFB5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6AFB8AF8-ADCD-43D1-9F7B-8D415F96F79A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{673B9328-1A5A-411A-B99F-9BFD8A6AD859}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D0EC7DC9-DD8D-49AD-BB01-777224E92BBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2015 09:20:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1f733db5-c3c3-4779-8034-e579dcd9820c}

Error: (08/06/2015 08:58:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: _iu14D2N.tmp, version: 51.52.0.0, time stamp: 0x2a425e19
Faulting module name: IssSurvey.dll, version: 1.0.0.90, time stamp: 0x465a0000
Exception code: 0xc0000005
Fault offset: 0x00019210
Faulting process id: 0x1a14
Faulting application start time: 0x_iu14D2N.tmp0
Faulting application path: _iu14D2N.tmp1
Faulting module path: _iu14D2N.tmp2
Report Id: _iu14D2N.tmp3
Faulting package full name: _iu14D2N.tmp4
Faulting package-relative application ID: _iu14D2N.tmp5

Error: (08/06/2015 08:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: _iu14D2N.tmp, version: 51.52.0.0, time stamp: 0x2a425e19
Faulting module name: IssSurvey.dll, version: 1.0.0.90, time stamp: 0x465a0000
Exception code: 0xc0000005
Fault offset: 0x00019210
Faulting process id: 0xc14
Faulting application start time: 0x_iu14D2N.tmp0
Faulting application path: _iu14D2N.tmp1
Faulting module path: _iu14D2N.tmp2
Report Id: _iu14D2N.tmp3
Faulting package full name: _iu14D2N.tmp4
Faulting package-relative application ID: _iu14D2N.tmp5

Error: (08/04/2015 05:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x858
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (07/31/2015 04:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RobloxPlayerBeta.exe version 0.206.0.62132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2664

Start Time: 01d0cb5563cfe537

Termination Time: 513

Application Path: C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\RobloxPlayerBeta.exe

Report Id: 921fc051-374f-11e5-826f-7824af23aa57

Faulting package full name:

Faulting package-relative application ID:

Error: (07/31/2015 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: jscript9.dll, version: 11.0.9600.17923, time stamp: 0x559457fb
Exception code: 0xc0000005
Fault offset: 0x00013c31
Faulting process id: 0x29d8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/30/2015 05:48:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/27/2015 08:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000005
Fault offset: 0x00016fbb
Faulting process id: 0xa54
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

Error: (07/27/2015 08:35:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.60905.0, time stamp: 0x44fd0a92
Faulting module name: atiumdag.dll, version: 9.14.10.984, time stamp: 0x52124dd6
Exception code: 0xc0000005
Fault offset: 0x00037ece
Faulting process id: 0x1bd4
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
Faulting package full name: fsx.exe4
Faulting package-relative application ID: fsx.exe5

Error: (07/27/2015 04:52:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

System errors:
=============
Error: (08/06/2015 09:47:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/06/2015 09:45:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 09:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Asus WebStorage Windows Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 09:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATKGFNEX Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 09:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASLDR Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 09:44:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 09:34:50 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/06/2015 09:34:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/06/2015 09:34:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 09:34:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (08/06/2015 09:20:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1f733db5-c3c3-4779-8034-e579dcd9820c}

Error: (08/06/2015 08:58:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: _iu14D2N.tmp51.52.0.02a425e19IssSurvey.dll1.0.0.90465a0000c0000005000192101a1401d0cfd2446aaa1cC:\Users\tyson\AppData\Local\Temp\_iu14D2N.tmpC:\Program Files (x86)\Spyware Process Detector\Uninstall\IssSurvey.dll8227e68b-3bc5-11e5-8273-7824af23aa57

Error: (08/06/2015 08:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: _iu14D2N.tmp51.52.0.02a425e19IssSurvey.dll1.0.0.90465a0000c000000500019210c1401d0cfd225b85e24C:\Users\tyson\AppData\Local\Temp\_iu14D2N.tmpC:\Program Files (x86)\Spyware Process Detector\Uninstall\IssSurvey.dll63923944-3bc5-11e5-8273-7824af23aa57

Error: (08/04/2015 05:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e85801d0ce8b8419751cC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllc2860266-3a7e-11e5-8272-7824af23aa57

Error: (07/31/2015 04:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RobloxPlayerBeta.exe0.206.0.62132266401d0cb5563cfe537513C:\Users\tyson\AppData\Local\Roblox\Versions\version-f14afd2ae3d44173\RobloxPlayerBeta.exe921fc051-374f-11e5-826f-7824af23aa57

Error: (07/31/2015 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbjscript9.dll11.0.9600.17923559457fbc000000500013c3129d801d0cb576388f464C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\jscript9.dllbc9f83c0-374a-11e5-826f-7824af23aa57

Error: (07/30/2015 05:48:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/27/2015 08:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92KERNEL32.DLL6.3.9600.17415545049bec000000500016fbba5401d0c8581c2b041fC:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Windows\SYSTEM32\KERNEL32.DLL21c4fa4d-344c-11e5-826e-7824af23aa57

Error: (07/27/2015 08:35:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.60905.044fd0a92atiumdag.dll9.14.10.98452124dd6c000000500037ece1bd401d0c857b09e8152C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Windows\SYSTEM32\atiumdag.dll3c27f56a-344b-11e5-826e-7824af23aa57

Error: (07/27/2015 04:52:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

==================== Memory info ===========================

Processor: AMD A8-5550M APU with Radeon™ HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 7378.4 MB
Available physical RAM: 5418.57 MB
Total Virtual: 16594.4 MB
Available Virtual: 14371.67 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:200.35 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: FA5FB210)

Partition: GPT Partition Type.

==================== End of log ============================


  • 0

#13
wiggy01


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Joe, was there anything that I needed to do now? Thanks


  • 0

#14
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-08-06 09:45 - 2015-06-16 19:35 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-08-06 09:45 - 2015-06-16 19:28 - 00000000 ____D C:\Users\tyson\AppData\Roaming\Lavasoft
2015-08-06 09:45 - 2015-06-16 19:28 - 00000000 ____D C:\ProgramData\Lavasoft
C:\Users\tyson\AppData\Local\Temp\Quarantine.exe
C:\Users\tyson\AppData\Local\Temp\sqlite3.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKU\S-1-5-21-2629672351-3235976141-394711740-1001\...\Run: [spdetector3] => C:\Program Files (x86)\Spyware Process Detector\spd323.exe [435200 2013-03-08] (System  SoftLab)
C:\Program Files (x86)\Spyware Process Detector
Emptytemp:

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#15
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Are you still with me?
  • 0





