
Computer may be infected, continuous issues and errors installing/runni

office 2013 error message download error message opening documen

  • This topic is locked

#1
data_dumb

  • Member
  • 42 posts

I initially could not open any Windows Office files one day for some reason (Word, Excel, etc.). I uninstalled the program and attempted to reinstall. The installation would not complete, and kept giving me error messages. I checked the FAQ page and could not find the errors that I was receiving. I've run the Fix it tool, chkdsk, the tweaking windows tool, ran a McAfee scan for corrupt files, with nothing significant, and still am unable to open any Office documents (I finally got it to download fully). I uninstalled Office again, only for it not to reinstall fully once more, after the 10th time. I tried to repair the Microsoft run file and that didn't work either. I am at a loss as to why this program isn't working. Here are my results from FRST64:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by A-TEAM (administrator) on ATEAM (22-09-2015 17:26:52)
Running from C:\Users\A-TEAM\Desktop
Loaded Profiles: A-TEAM (Available Profiles: A-TEAM)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(DoD PKE Engineering) C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Spotify Web Helper] => C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-15] (Spotify Ltd)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Facebook Update] => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-03] (Facebook Inc.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Spotify] => C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-15] (Spotify Ltd)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{027CF7D7-4952-4D79-9497-304660F3B912}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7A38CE4B-9F90-4E52-9B27-8BAF8CE03453}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150912&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150912&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-22] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-20] (Symantec Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-22] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-952693156-1331711187-3647457651-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\A-TEAM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\user.js [2014-01-11]
FF SearchPlugin: C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\searchplugins\McSiteAdvisor.xml [2015-09-12]
FF Extension: MediaPlayer - C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\Extensions\[email protected] [2015-06-27]
FF Extension: Pin It Button - C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\Extensions\[email protected] [2014-12-28]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-09-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-29] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 InstallRoot; C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe [755320 2015-02-13] (DoD PKE Engineering)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-15] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys [23568 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-01-18] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150806.012\BHDrvx64.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150818.011\IDSvia64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150818.025\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 17:26 - 2015-09-22 17:27 - 00023743 _____ C:\Users\A-TEAM\Desktop\FRST.txt
2015-09-22 17:24 - 2015-09-22 17:27 - 00000000 ____D C:\FRST
2015-09-22 17:23 - 2015-09-22 17:23 - 02191360 _____ (Farbar) C:\Users\A-TEAM\Desktop\FRST64.exe
2015-09-22 17:19 - 2015-09-22 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-22 17:06 - 2015-09-22 17:06 - 00197679 _____ C:\Users\A-TEAM\Downloads\ListChkdskResult(1).exe
2015-09-22 16:58 - 2015-09-22 17:07 - 00088304 _____ C:\Users\A-TEAM\Desktop\ListChkdskResult.txt
2015-09-22 16:58 - 2015-09-22 16:58 - 00197679 _____ C:\Users\A-TEAM\Downloads\ListChkdskResult.exe
2015-09-22 16:51 - 2015-09-22 16:51 - 02023693 _____ C:\Users\A-TEAM\Downloads\tweaking.com_registry_backup_portable(1).zip
2015-09-22 16:50 - 2015-09-22 16:51 - 02023693 _____ C:\Users\A-TEAM\Downloads\tweaking.com_registry_backup_portable.zip
2015-09-22 14:45 - 2015-09-22 14:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-22 14:40 - 2015-09-22 16:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 14:30 - 2015-09-22 14:30 - 00003220 _____ C:\Windows\System32\Tasks\{B407D934-4D63-456D-A5E1-AF92D245D7B9}
2015-09-21 13:56 - 2015-09-21 13:56 - 00000000 ____D C:\Users\A-TEAM\Downloads\GT-RockBackingTracks
2015-09-21 13:53 - 2015-09-21 13:55 - 222396474 _____ C:\Users\A-TEAM\Downloads\GT-RockBackingTracks.zip
2015-09-17 18:17 - 2015-09-17 18:17 - 00000000 ____D C:\Users\A-TEAM\Downloads\unclass-installroot_v3-16a
2015-09-17 18:16 - 2015-09-17 18:16 - 01845266 _____ C:\Users\A-TEAM\Downloads\unclass-installroot_v3-16a.zip
2015-09-17 18:12 - 2015-09-17 18:12 - 00003182 _____ C:\Windows\System32\Tasks\{81E004C5-FDE7-44CE-94D1-44533865B703}
2015-09-17 18:11 - 2015-09-17 18:12 - 00958037 _____ C:\Users\A-TEAM\Downloads\HomeUserCertTool_V03 (1).zip
2015-09-17 18:10 - 2015-09-17 18:10 - 00958037 _____ C:\Users\A-TEAM\Downloads\HomeUserCertTool_V03.zip
2015-09-17 18:08 - 2015-09-17 18:08 - 00003170 _____ C:\Windows\System32\Tasks\{8254F302-F0C1-4A0F-BA80-BBD7E62B70C3}
2015-09-17 18:01 - 2015-09-17 18:01 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\DoD-PKE
2015-09-17 18:00 - 2015-09-17 18:00 - 00001174 _____ C:\Users\Public\Desktop\InstallRoot 4.1.lnk
2015-09-17 18:00 - 2015-09-17 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2015-09-17 18:00 - 2015-09-17 18:00 - 00000000 ____D C:\Program Files\DoD-PKE
2015-09-17 17:26 - 2015-09-17 17:28 - 20487592 _____ C:\Users\A-TEAM\Downloads\OMPF documents.zip
2015-09-17 08:46 - 2015-09-17 08:46 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39
2015-09-16 09:56 - 2015-09-22 16:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-09-16 09:42 - 2015-09-22 12:59 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Skype
2015-09-16 09:42 - 2015-09-16 09:42 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\Skype
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ____D C:\ProgramData\Skype
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-16 09:40 - 2015-09-16 09:40 - 00000000 ____D C:\Program Files\AMD
2015-09-16 09:38 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-09-16 09:38 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-09-16 09:38 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-09-16 09:38 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-09-16 09:33 - 2015-08-06 14:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-16 09:33 - 2015-08-06 14:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-16 09:33 - 2015-08-06 14:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-16 09:33 - 2015-08-06 14:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-16 09:33 - 2015-08-06 11:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-16 09:33 - 2015-08-06 11:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-16 09:33 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-09-16 09:33 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-09-16 09:33 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-09-16 09:33 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-09-16 09:33 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-09-16 09:33 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-09-16 09:33 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-09-16 09:33 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-09-16 09:33 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-09-16 09:33 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-09-16 09:33 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-09-16 09:33 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-09-16 09:33 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-09-16 09:33 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-09-16 09:33 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-09-16 09:33 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-09-16 09:33 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-09-16 09:33 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-09-16 09:33 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-09-16 09:33 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-09-16 09:33 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-09-16 09:33 - 2014-10-28 22:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-09-16 09:33 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-09-16 09:32 - 2015-08-10 13:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-16 09:32 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-16 09:32 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-16 09:32 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-16 09:32 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-16 09:32 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-16 09:32 - 2015-08-07 16:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 09:32 - 2015-08-07 16:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-16 09:32 - 2015-08-07 09:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-16 09:32 - 2015-08-06 12:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-16 09:32 - 2015-08-06 11:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-16 09:32 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-09-16 09:32 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-09-16 09:32 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-09-16 09:32 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-09-16 09:32 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-09-16 09:32 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-09-16 09:32 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-09-16 09:32 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-09-16 09:32 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-09-16 09:32 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-09-16 09:32 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-09-16 09:32 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-09-16 09:32 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-09-16 09:32 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-09-16 09:32 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-09-16 09:32 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-09-16 09:32 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-09-16 09:32 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-09-16 09:32 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-09-16 09:32 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-09-16 09:32 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-09-16 09:32 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-09-16 09:32 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-09-16 09:32 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-09-16 09:32 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-16 09:32 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-09-16 09:32 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-09-16 09:32 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-09-16 09:32 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-09-16 09:32 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-09-16 09:32 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-09-16 09:32 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-09-16 09:32 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-09-16 09:32 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-09-16 09:32 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-09-16 09:32 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-09-16 09:32 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-09-16 09:32 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-09-16 09:32 - 2014-10-16 23:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-09-16 09:32 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-09-16 09:29 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:29 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-16 09:29 - 2015-06-09 17:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-09-16 09:29 - 2015-06-09 17:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-09-16 09:29 - 2015-06-09 17:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-09-15 16:40 - 2015-09-15 16:40 - 00891392 _____ (Farbar) C:\Users\A-TEAM\Downloads\MiniToolBox.exe
2015-09-15 14:50 - 2015-09-15 14:50 - 00000000 ____D C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(2)
2015-09-15 14:48 - 2015-09-15 14:49 - 18071383 _____ C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(2).zip
2015-09-12 08:33 - 2015-09-12 08:33 - 00003220 _____ C:\Windows\System32\Tasks\{3CBB94DB-A898-4F7E-A223-A73C7B84A1AD}
2015-09-12 06:48 - 2015-09-12 06:48 - 00001943 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-09-12 06:48 - 2015-09-12 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-12 06:47 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-09-12 06:46 - 2015-09-12 06:47 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-12 06:46 - 2015-09-12 06:46 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-09-12 06:46 - 2015-09-12 06:46 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-09-12 06:43 - 2015-09-22 11:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-12 06:37 - 2015-06-29 10:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-09-11 09:53 - 2015-09-11 09:53 - 00000000 ____D C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(1)
2015-09-11 09:52 - 2015-09-11 09:53 - 18073209 _____ C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(1).zip
2015-09-10 13:39 - 2015-09-02 21:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 13:39 - 2015-09-02 21:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 13:39 - 2015-09-02 13:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 13:39 - 2015-09-02 12:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 13:39 - 2015-07-22 09:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-10 13:39 - 2015-07-22 08:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-10 13:39 - 2015-07-17 09:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-10 13:39 - 2015-07-17 09:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-10 13:39 - 2015-07-13 14:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-10 13:39 - 2015-07-10 14:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-10 13:39 - 2015-07-09 11:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-10 13:39 - 2015-07-03 16:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-10 13:39 - 2015-07-03 09:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-10 13:39 - 2015-06-27 06:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-10 13:39 - 2015-06-19 12:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-10 13:21 - 2015-08-26 21:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 13:21 - 2015-08-26 13:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 13:21 - 2015-08-26 13:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 13:21 - 2015-08-26 13:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 13:21 - 2015-08-26 13:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-10 13:21 - 2015-08-26 09:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 13:21 - 2015-08-26 09:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 13:21 - 2015-08-26 09:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 13:21 - 2015-08-26 09:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-10 13:21 - 2015-08-26 09:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 13:21 - 2015-08-26 09:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 13:21 - 2015-08-26 09:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 13:21 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 13:21 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 13:21 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 13:21 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 13:21 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 13:21 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 13:21 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 13:21 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 13:21 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-10 13:21 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 13:21 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-10 13:21 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 13:21 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 13:21 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 13:21 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 13:21 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 13:21 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 13:21 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 13:21 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-10 13:21 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 13:21 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-10 13:21 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 13:21 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 13:21 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 13:21 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 13:21 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 13:21 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 13:21 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 13:21 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 13:21 - 2015-07-30 12:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 13:21 - 2015-07-30 11:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 13:20 - 2015-09-01 21:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 13:20 - 2015-09-01 21:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 13:20 - 2015-09-01 21:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 13:20 - 2015-09-01 21:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 13:20 - 2015-09-01 21:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 13:20 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 13:20 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 13:20 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 13:20 - 2015-07-31 22:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-10 13:20 - 2015-07-31 22:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-10 13:20 - 2015-07-31 22:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 13:20 - 2015-07-31 22:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-10 13:20 - 2015-07-31 22:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-10 13:20 - 2015-07-22 09:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-10 13:20 - 2015-07-22 09:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-10 13:20 - 2015-07-22 09:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-10 13:20 - 2015-07-22 09:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 13:20 - 2015-07-18 13:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-10 13:20 - 2015-07-18 13:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-10 13:20 - 2015-07-18 13:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-10 13:20 - 2015-07-18 13:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-10 13:20 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-07 14:42 - 2015-09-14 11:27 - 00000000 ____D C:\ProgramData\McAfee
2015-09-06 01:16 - 2015-09-15 13:29 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-952693156-1331711187-3647457651-1001
2015-09-06 01:16 - 2015-09-06 01:16 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-05 23:21 - 2015-09-05 23:21 - 00000000 ____D C:\ProgramData\Adobe
2015-09-05 23:16 - 2015-09-05 23:16 - 00000000 ____D C:\ProgramData\ATI
2015-09-05 23:13 - 2015-09-05 23:13 - 00000000 ____D C:\ProgramData\Toshiba
2015-09-05 23:12 - 2015-09-05 23:12 - 00000000 ____D C:\ProgramData\WildTangent
2015-09-05 23:09 - 2015-09-05 23:09 - 00000000 ____D C:\ProgramData\Apple
2015-09-05 23:06 - 2015-09-22 17:00 - 00016514 _____ C:\Windows\PFRO.log
2015-09-05 21:56 - 2015-09-05 21:56 - 00863592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-09-05 21:22 - 2015-09-05 21:22 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-09-05 21:22 - 2015-09-05 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-05 21:22 - 2015-09-05 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 21:22 - 2015-09-05 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-05 21:02 - 2015-09-05 21:02 - 00000000 ____D C:\ProgramData\Symantec
2015-09-05 20:49 - 2015-09-16 16:30 - 00000000 __SHD C:\found.000
2015-09-05 20:36 - 2015-09-05 20:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ATEAM-Windows-8.1-(64-bit).dat
2015-09-05 20:36 - 2015-09-05 20:36 - 00000000 ____D C:\RegBackup
2015-09-05 20:06 - 2015-09-05 20:06 - 00000000 ____D C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio
2015-09-05 20:04 - 2015-09-05 20:04 - 18024840 _____ C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio.zip
2015-09-05 17:34 - 2015-09-05 17:34 - 00586096 _____ (McAfee, Inc.) C:\Users\A-TEAM\Downloads\MVTInstaller(1).exe
2015-09-05 17:33 - 2015-09-05 17:33 - 00586096 _____ (McAfee, Inc.) C:\Users\A-TEAM\Downloads\MVTInstaller.exe
2015-09-05 17:31 - 2015-09-12 06:47 - 00000000 ____D C:\Program Files\McAfee
2015-09-05 17:31 - 2015-09-12 06:47 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-05 17:31 - 2015-09-05 17:31 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-05 17:31 - 2015-09-05 17:31 - 00000000 ____D C:\Program Files\McAfee.com
2015-09-05 17:31 - 2015-09-05 17:31 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-05 17:31 - 2015-09-05 17:31 - 00000000 ____D C:\McAfee
2015-09-05 16:11 - 2015-09-05 16:11 - 00000000 ____D C:\McAfee Security Scan
2015-09-05 14:39 - 2015-09-22 17:00 - 00003364 _____ C:\Windows\setupact.log
2015-09-05 14:39 - 2015-09-05 14:39 - 00000000 _____ C:\Windows\setuperr.log
2015-09-04 14:31 - 2015-09-22 13:26 - 01954221 _____ C:\Windows\WindowsUpdate.log
2015-08-30 23:46 - 2015-09-22 17:01 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39.job
2015-08-28 21:26 - 2015-09-01 12:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 17:24 - 2013-12-15 11:35 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1001
2015-09-22 17:23 - 2013-12-19 20:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 17:22 - 2014-04-03 20:17 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA.job
2015-09-22 17:09 - 2013-12-27 00:47 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Spotify
2015-09-22 17:05 - 2015-01-01 13:09 - 00000000 ____D C:\Users\A-TEAM\OneDrive
2015-09-22 17:04 - 2013-12-27 00:48 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\Spotify
2015-09-22 17:02 - 2013-10-09 02:20 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-22 17:00 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-22 16:59 - 2013-10-09 02:17 - 31356696 _____ C:\Users\Public\CAFADEBUG.log
2015-09-22 16:51 - 2013-10-09 02:20 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-22 16:46 - 2013-12-23 11:59 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\CrashDumps
2015-09-22 16:45 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-22 12:11 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-22 11:44 - 2013-09-12 00:37 - 00765714 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-22 11:36 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-09-22 10:35 - 2013-12-26 23:27 - 00000000 ____D C:\Users\A-TEAM\Documents\Anthony
2015-09-22 10:23 - 2013-12-19 20:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 05:59 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-18 16:58 - 2013-12-16 12:42 - 03585024 ___SH C:\Users\A-TEAM\Desktop\Thumbs.db
2015-09-17 20:22 - 2014-04-03 20:17 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core.job
2015-09-17 17:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-17 16:10 - 2013-12-19 20:43 - 01620992 ___SH C:\Users\A-TEAM\Downloads\Thumbs.db
2015-09-17 12:34 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-09-17 08:46 - 2013-10-09 02:20 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 12:28 - 2015-04-02 22:13 - 00013831 _____ C:\Users\A-TEAM\Desktop\INFO v2.xlsx
2015-09-16 09:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-09-16 09:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\setup
2015-09-14 20:18 - 2015-04-17 19:06 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 20:18 - 2015-04-17 19:06 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-12 08:48 - 2013-08-22 09:44 - 00391352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 08:42 - 2013-08-22 14:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 08:42 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 08:31 - 2013-12-23 10:57 - 00000000 ____D C:\Windows\system32\MRT
2015-09-12 06:46 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-09-10 23:15 - 2013-12-15 11:29 - 00000000 ____D C:\Users\A-TEAM
2015-09-10 13:21 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-09-10 13:02 - 2013-09-12 16:58 - 00000000 ____D C:\Windows\Panther
2015-09-05 22:03 - 2013-08-22 08:25 - 00000128 _____ C:\Windows\win.ini
2015-09-05 17:23 - 2013-08-22 08:25 - 00000851 _____ C:\Windows\system32\Drivers\etc\hosts_bak_214
2015-09-05 16:05 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-09-01 12:06 - 2013-12-15 18:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-26 18:37 - 2013-12-23 10:56 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some files in TEMP:
====================
C:\Users\A-TEAM\AppData\Local\Temp\McCSPInstall.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-17 11:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by A-TEAM (2015-09-22 17:28:58)
Running from C:\Users\A-TEAM\Desktop
Windows 8.1 (X64) (2013-12-15 16:29:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

A-TEAM (S-1-5-21-952693156-1331711187-3647457651-1001 - Administrator - Enabled) => C:\Users\A-TEAM
Administrator (S-1-5-21-952693156-1331711187-3647457651-500 - Administrator - Disabled)
Guest (S-1-5-21-952693156-1331711187-3647457651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-952693156-1331711187-3647457651-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.0.12510 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D71FAC89-D061-7BDB-C3C2-A5BAAEA26CBC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
InstallRoot (HKLM\...\{A765EB7C-8360-49B8-804D-E2FB6D613C1D}) (Version: 4.1 - DoD PKE)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.161 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MULTIFIT visualization tool (HKLM-x32\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 1.7 - Multi Fit)
Multifit_Elearning (HKLM-x32\...\com.MultifitElearning) (Version: 1.9 - UNKNOWN)
Multifit_Elearning (x32 Version: 1.9 - UNKNOWN) Hidden
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

16-09-2015 09:35:09 Windows Update
17-09-2015 17:59:55 Installed InstallRoot
22-09-2015 10:54:51 Tweaking.com - Windows Repair

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-09-07 14:46 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05531ED2-A647-476A-B8FC-87F15216EE28} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {0C4A0EE1-B66D-47D2-9612-AB0054F74DC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {1667B438-F0FC-4036-B2C9-F983DDA4CF7A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {1A910B0A-A630-4172-92A2-1159F7494578} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-952693156-1331711187-3647457651-1001
Task: {24873477-0089-43BF-BFD7-16BFD797228B} - System32\Tasks\{3CBB94DB-A898-4F7E-A223-A73C7B84A1AD} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {2E320278-B359-45D6-9FEA-277638C4A6A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {388703F3-FEB1-400C-875E-27E509E9D385} - System32\Tasks\{81E004C5-FDE7-44CE-94D1-44533865B703} => pcalua.exe -a "C:\Users\A-TEAM\AppData\Local\Temp\Temp1_HomeUserCertTool_V03 (1).zip\HomeUserCertTool_V03.exe"
Task: {49BE9D04-9C1D-40B5-98C6-6A038B81876C} - System32\Tasks\{B407D934-4D63-456D-A5E1-AF92D245D7B9} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {57BD9BB6-9CE8-41A1-ABF3-D7FE7FDA8850} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] ()
Task: {59B7B84D-4002-467C-8383-255BE9DEF924} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {61A02317-A4A3-46E9-B831-0C5C68CDAE3A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {65BDF8DD-A245-4243-91D6-EB685ADA5850} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-03] (Facebook Inc.)
Task: {74DCC224-7062-45E6-AE8C-572E92D41E3A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {7EF8CA0C-7F3E-4BDE-8626-14B326399866} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {871A3DF0-BB59-4996-A043-4B7AEDE3FB39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-952693156-1331711187-3647457651-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {8809BDAB-4180-4D22-96D6-C429E13A7357} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8A14202A-1702-4EC7-BB1E-685560681A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8A920365-EA94-47E6-957A-8952E6D6084A} - System32\Tasks\{8254F302-F0C1-4A0F-BA80-BBD7E62B70C3} => pcalua.exe -a C:\Users\A-TEAM\AppData\Local\Temp\Temp1_HomeUserCertTool_V03.zip\HomeUserCertTool_V03.exe
Task: {93613264-BCE1-4BC5-8B7B-7BCF3C3052E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {9F7B112B-4D8E-4DA3-97DF-30469224A55C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9FF1C2D1-BE4A-4619-89F3-1FE047FC01DD} - System32\Tasks\{D12B76AB-E78A-49B4-9B4A-D46588A6DF13} => pcalua.exe -a "C:\Users\A-TEAM\Downloads\MULTIFIT visualization tool-1.7-Setup.exe" -d C:\Users\A-TEAM\Downloads
Task: {A0173AEC-CBCE-4813-BA42-65D2ECFA2E4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A16B98DC-70DB-4165-8B9F-8BDD67AFBCC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-03] (Facebook Inc.)
Task: {A7D13113-9E1C-476F-BFB1-907E8691940D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B34C7142-BAE7-4ED1-9DB0-9FB6095BE2A9} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {B8283746-7A6D-4A3F-8CC4-331B16DF1F29} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core.job => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA.job => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-22 14:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 14:54 - 2013-09-10 14:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-09-22 14:47 - 2015-09-22 14:47 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-13 13:53 - 2015-02-13 13:53 - 00077432 _____ () C:\Program Files\DoD-PKE\InstallRoot\IrTampLib_SWIG_sc.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 03716728 _____ () C:\Program Files\DoD-PKE\InstallRoot\IrTampLib_SWIG_vc.DLL
2013-10-09 02:09 - 2013-08-28 19:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 15:24 - 2013-08-01 15:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2013-08-22 02:19 - 2013-08-22 01:54 - 00050176 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2015-08-02 19:30 - 2015-08-02 19:30 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-03-11 20:12 - 2015-09-15 17:12 - 45067320 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libcef.dll
2015-03-11 20:12 - 2015-09-15 17:12 - 01649208 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libglesv2.dll
2015-03-11 20:12 - 2015-09-15 17:11 - 00080952 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\A-TEAM\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\A-TEAM\Desktop\10494674_10152290541721523_808374366938200630_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "FastMediaConverter.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F84C435C-C90F-4760-A596-176E8827D5B2}C:\users\a-team\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\a-team\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7C9E5FAC-B5F7-4D51-983D-FB7CE8283036}C:\users\a-team\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\a-team\appdata\roaming\spotify\spotify.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3D9BCA5A-702D-4688-8A5F-603450D65043}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2015 05:21:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4753.1003, time stamp: 0x55f34d8b
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e
Exception code: 0xc0000005
Fault offset: 0x0000b46c
Faulting process id: 0x1008
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
Faulting package full name: WINWORD.EXE4
Faulting package-relative application ID: WINWORD.EXE5

Error: (09/22/2015 05:21:22 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Word.

Error: (09/22/2015 05:20:03 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (09/22/2015 05:20:03 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (09/22/2015 05:20:03 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (09/22/2015 05:19:06 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ATEAM)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (09/22/2015 05:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x68c
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (09/22/2015 05:05:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/22/2015 05:02:54 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (09/22/2015 05:02:53 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog


System errors:
=============
Error: (09/22/2015 05:03:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (09/22/2015 05:02:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (09/22/2015 05:00:58 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/22/2015 05:00:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error:
%%5

Error: (09/22/2015 05:00:15 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (09/22/2015 11:39:59 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (09/22/2015 11:39:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (09/22/2015 11:37:50 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/22/2015 11:37:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error:
%%5

Error: (09/22/2015 11:37:03 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.


CodeIntegrity:
===================================
  Date: 2015-09-22 17:02:50.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-22 11:39:58.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-16 09:57:59.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 17:10:34.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 14:33:18.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-12 08:48:29.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-10 23:17:16.676
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-07 15:34:13.537
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-07 14:52:22.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-05 23:24:40.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon™ HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 7374.26 MB
Available physical RAM: 5068.97 MB
Total Virtual: 8526.26 MB
Available Virtual: 5909.04 MB

==================== Drives ================================

Drive c: (TI10675800F) (Fixed) (Total:922.19 GB) (Free:854.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi data_dumb,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.

Let's get started....
 

 

 

Just a quick note right now (I will return with more when I finish reviewing your log) but you have two full featured AV Suites installed.

You should uninstall both suites and then reinstall the current active one; from the logs it looks as though Symantec is expired and McAfee is the current active product.

 

McAfee Uninstall information

Symantec Uninstall information

 

Both locations have information about how to properly re-install their product.

 

Let me know when you have finished these steps and what product you decided to use.  I will continue from there.  Thanks.



#3
data_dumb


I have uninstalled both, and reinstalled McAfee. Standing by for further instructions.



#4
dbreeze


That should help the system a lot. Moving on ....


Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150912&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150912&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-20] (Symantec Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF user.js: detected! => C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\user.js [2014-01-11]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys [23568 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-01-18] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
S1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150806.012\BHDrvx64.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150818.011\IDSvia64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150818.025\EX64.SYS [X]
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS
C:\Windows\System32\Drivers\SysPlant.sys
C:\Windows\system32\DRIVERS\Teefer.sys
2015-09-10 13:39 - 2015-07-13 14:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-05 21:02 - 2015-09-05 21:02 - 00000000 ____D C:\ProgramData\Symantec
C:\Users\A-TEAM\AppData\Local\Temp\McCSPInstall.dll
Task: {24873477-0089-43BF-BFD7-16BFD797228B} - System32\Tasks\{3CBB94DB-A898-4F7E-A223-A73C7B84A1AD} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {388703F3-FEB1-400C-875E-27E509E9D385} - System32\Tasks\{81E004C5-FDE7-44CE-94D1-44533865B703} => pcalua.exe -a "C:\Users\A-TEAM\AppData\Local\Temp\Temp1_HomeUserCertTool_V03 (1).zip\HomeUserCertTool_V03.exe"
Task: {49BE9D04-9C1D-40B5-98C6-6A038B81876C} - System32\Tasks\{B407D934-4D63-456D-A5E1-AF92D245D7B9} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {8A920365-EA94-47E6-957A-8952E6D6084A} - System32\Tasks\{8254F302-F0C1-4A0F-BA80-BBD7E62B70C3} => pcalua.exe -a C:\Users\A-TEAM\AppData\Local\Temp\Temp1_HomeUserCertTool_V03.zip\HomeUserCertTool_V03.exe
Task: {9FF1C2D1-BE4A-4619-89F3-1FE047FC01DD} - System32\Tasks\{D12B76AB-E78A-49B4-9B4A-D46588A6DF13} => pcalua.exe -a "C:\Users\A-TEAM\Downloads\MULTIFIT visualization tool-1.7-Setup.exe" -d C:\Users\A-TEAM\Downloads
Task: {B8283746-7A6D-4A3F-8CC4-331B16DF1F29} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
C:\Program Files (x86)\Norton Anti-Theft
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



#5
data_dumb


Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by A-TEAM (2015-09-24 09:40:37) Run:1
Running from C:\Users\A-TEAM\Desktop
Loaded Profiles: A-TEAM (Available Profiles: A-TEAM)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150912&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150912&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-20] (Symantec Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF user.js: detected! => C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\user.js [2014-01-11]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys [23568 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-01-18] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
S1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150806.012\BHDrvx64.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150818.011\IDSvia64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150818.025\EX64.SYS [X]
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS
C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS
C:\Windows\System32\Drivers\SysPlant.sys
C:\Windows\system32\DRIVERS\Teefer.sys
2015-09-10 13:39 - 2015-07-13 14:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-05 21:02 - 2015-09-05 21:02 - 00000000 ____D C:\ProgramData\Symantec
C:\Users\A-TEAM\AppData\Local\Temp\McCSPInstall.dll
Task: {24873477-0089-43BF-BFD7-16BFD797228B} - System32\Tasks\{3CBB94DB-A898-4F7E-A223-A73C7B84A1AD} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {388703F3-FEB1-400C-875E-27E509E9D385} - System32\Tasks\{81E004C5-FDE7-44CE-94D1-44533865B703} => pcalua.exe -a "C:\Users\A-TEAM\AppData\Local\Temp\Temp1_HomeUserCertTool_V03 (1).zip\HomeUserCertTool_V03.exe"
Task: {49BE9D04-9C1D-40B5-98C6-6A038B81876C} - System32\Tasks\{B407D934-4D63-456D-A5E1-AF92D245D7B9} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {8A920365-EA94-47E6-957A-8952E6D6084A} - System32\Tasks\{8254F302-F0C1-4A0F-BA80-BBD7E62B70C3} => pcalua.exe -a C:\Users\A-TEAM\AppData\Local\Temp\Temp1_HomeUserCertTool_V03.zip\HomeUserCertTool_V03.exe
Task: {9FF1C2D1-BE4A-4619-89F3-1FE047FC01DD} - System32\Tasks\{D12B76AB-E78A-49B4-9B4A-D46588A6DF13} => pcalua.exe -a "C:\Users\A-TEAM\Downloads\MULTIFIT visualization tool-1.7-Setup.exe" -d C:\Users\A-TEAM\Downloads
Task: {B8283746-7A6D-4A3F-8CC4-331B16DF1F29} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
C:\Program Files (x86)\Norton Anti-Theft
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3DA23C33-6C63-4AD1-9995-65AD8B3D92F9}" => key removed successfully
HKCR\CLSID\{3DA23C33-6C63-4AD1-9995-65AD8B3D92F9} => key not found.
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95E77644-C85D-4E84-AA35-1EAEAF7E753A}" => key removed successfully
HKCR\CLSID\{95E77644-C85D-4E84-AA35-1EAEAF7E753A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection" => File/Folder not found.
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\user.js => moved successfully
SepMasterService => service not found.
SmcService => service not found.
SNAC => service not found.
eeCtrl => service not found.
"C:\Program Files (x86)\Common Files\Symantec Shared" => File/Folder not found.
EraserUtilRebootDrv => service not found.
SRTSP => service not found.
SRTSPX => service not found.
SyDvCtrl => service not found.
SymDS => service not found.
SymEFA => service not found.
SymELAM => service not found.
SymEvent => service not found.
SymIRON => service not found.
SYMNETS => service not found.
SysPlant => service not found.
Teefer2 => service not found.
BHDrvx64 => service not found.
IDSVia64 => service not found.
NAVENG => service not found.
NAVEX15 => service not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys" => File/Folder not found.
"C:\Windows\system32\Drivers\SYMEVENT64x86.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS" => File/Folder not found.
"C:\Windows\System32\Drivers\SysPlant.sys" => File/Folder not found.
"C:\Windows\system32\DRIVERS\Teefer.sys" => File/Folder not found.
C:\Windows\system32\ApnDatabase.xml => moved successfully
"C:\ProgramData\Symantec" => File/Folder not found.
C:\Users\A-TEAM\AppData\Local\Temp\McCSPInstall.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24873477-0089-43BF-BFD7-16BFD797228B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24873477-0089-43BF-BFD7-16BFD797228B}" => key removed successfully
C:\Windows\System32\Tasks\{3CBB94DB-A898-4F7E-A223-A73C7B84A1AD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CBB94DB-A898-4F7E-A223-A73C7B84A1AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{388703F3-FEB1-400C-875E-27E509E9D385}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388703F3-FEB1-400C-875E-27E509E9D385}" => key removed successfully
C:\Windows\System32\Tasks\{81E004C5-FDE7-44CE-94D1-44533865B703} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81E004C5-FDE7-44CE-94D1-44533865B703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49BE9D04-9C1D-40B5-98C6-6A038B81876C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49BE9D04-9C1D-40B5-98C6-6A038B81876C}" => key removed successfully
C:\Windows\System32\Tasks\{B407D934-4D63-456D-A5E1-AF92D245D7B9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B407D934-4D63-456D-A5E1-AF92D245D7B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A920365-EA94-47E6-957A-8952E6D6084A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A920365-EA94-47E6-957A-8952E6D6084A}" => key removed successfully
C:\Windows\System32\Tasks\{8254F302-F0C1-4A0F-BA80-BBD7E62B70C3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8254F302-F0C1-4A0F-BA80-BBD7E62B70C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FF1C2D1-BE4A-4619-89F3-1FE047FC01DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FF1C2D1-BE4A-4619-89F3-1FE047FC01DD}" => key removed successfully
C:\Windows\System32\Tasks\{D12B76AB-E78A-49B4-9B4A-D46588A6DF13} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D12B76AB-E78A-49B4-9B4A-D46588A6DF13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8283746-7A6D-4A3F-8CC4-331B16DF1F29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8283746-7A6D-4A3F-8CC4-331B16DF1F29}" => key removed successfully
C:\Windows\System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer" => key removed successfully
"C:\Program Files (x86)\Norton Anti-Theft" => File/Folder not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 843.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 09:43:55 ====



#6
data_dumb


I'm not sure why it's still showing Symantec. I uninstalled that program last night. There were still folders in my C: drive that were labeled Symantec. I followed all instructions for uninstallation. I know that may be a separate issue, but wanted you to know that the attempt was made, which I thought was successful.

 

EDIT:

 

I just looked through my C: drive and found a folder called 'Symsilent' with an application in it of the same name. I deleted the folder, with no issues, as far as I can tell.


Edited by data_dumb, 24 September 2015 - 09:02 AM.


#7
dbreeze


That looks good so far; seems that Symantec / Norton processes are no longer on the system.  Let's check for some system errors now and then see about MS Office.

 

 

Please run a CHKDSK scan on this system and report the findings.  To do this ....
 
Click Start > type cmd in the Search programs and files box.  Right click on the cmd.exe and select Run as Administrator.
 
 
In the Windows Command Processor window, type the following and press Enter.
 
chkdsk C: /f
 
(Notice the spacing in the command string).

Please answer Y or y to the question about scheduling the scan for the next system restart.  Then close the cmd window (you can type Exit and press enter to do so) and reboot the system.
 
The chkdsk routine should pause the restart of the system to run its routine (chkdsk does this because it needs complete access to the hard drive) and then allows the system to finish the start up processing.
 
Once the system is started, collect the log file by using the steps below ...
 
Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.

  • Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop up. Click OK.
  • Wait patiently until a Notepad window opens. This won't take long.
  • The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.

Please include the content of this file in your next reply.


 

 



#8
data_dumb


ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 9/25/2015 8:41:17 AM >------
Category: 0
Computer Name: ATeam
Event Code: 1001
Record Number: 110446
Source Name: Microsoft-Windows-Wininit
Time Written: 09-25-2015 @ 13:38:38
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is TI10675800F.


A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  299520 file records processed.                                                        

File verification completed.
  8375 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  389784 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 2534 unused index entries from index $SII of file 0x9.
Cleaning up 2534 unused index entries from index $SDH of file 0x9.
Cleaning up 2534 unused security descriptors.
Security descriptor verification completed.
  45133 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36077672 USN bytes processed.                                                           

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 966981631 KB total disk space.
  70902704 KB in 192118 files.
    139588 KB in 45134 indexes.
         0 KB in bad sectors.
    436655 KB in use by the system.
     65536 KB occupied by the log file.
 895502684 KB available on disk.

      4096 bytes in each allocation unit.
 241745407 total allocation units on disk.
 223875671 allocation units available on disk.

Internal Info:
00 92 04 00 cc 9e 03 00 e5 f6 06 00 00 00 00 00  ................
16 05 00 00 57 00 00 00 00 00 00 00 00 00 00 00  ....W...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26212
Record Number: 109706
Source Name: Chkdsk
Time Written: 09-22-2015 @ 21:54:59
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.
Volume label is TI10675800F.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  299520 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  8378 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
                                                                                       
                                                                                       
  390678 index entries processed.                                                       

Index verification completed.
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        

                                                                                       
                                                                                       
  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                       
                                                                                       
  45580 data files processed.                                           

CHKDSK is verifying Usn Journal...
                                                                                       
                                                                                       
  39333872 USN bytes processed.                                                           

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 966981631 KB total disk space.
  70302408 KB in 200822 files.
    152056 KB in 45581 indexes.
         0 KB in bad sectors.
    439971 KB in use by the system.
     65536 KB occupied by the log file.
 896087196 KB available on disk.

      4096 bytes in each allocation unit.
 241745407 total allocation units on disk.
 224021799 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26212
Record Number: 105574
Source Name: Chkdsk
Time Written: 09-15-2015 @ 20:04:03
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.
Volume label is TI10675800F.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  299520 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  8269 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
                                                                                       
                                                                                       
  390188 index entries processed.                                                       

Index verification completed.
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        

                                                                                       
                                                                                       
  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                       
                                                                                       
  45335 data files processed.                                           

CHKDSK is verifying Usn Journal...
                                                                                       
                                                                                       
  34517952 USN bytes processed.                                                           

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 966981631 KB total disk space.
  66116684 KB in 203931 files.
    151124 KB in 45336 indexes.
         0 KB in bad sectors.
    434487 KB in use by the system.
     65536 KB occupied by the log file.
 900279336 KB available on disk.

      4096 bytes in each allocation unit.
 241745407 total allocation units on disk.
 225069834 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26212
Record Number: 96118
Source Name: Chkdsk
Time Written: 09-11-2015 @ 15:07:53
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.
Volume label is TI10675800F.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  299520 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  8137 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
                                                                                       
                                                                                       
  390262 index entries processed.                                                       

Index verification completed.
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        

                                                                                       
                                                                                       
  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                       
                                                                                       
  45372 data files processed.                                           

CHKDSK is verifying Usn Journal...
                                                                                       
                                                                                       
  33672896 USN bytes processed.                                                           

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 966981631 KB total disk space.
  70720432 KB in 204004 files.
    151540 KB in 45373 indexes.
         0 KB in bad sectors.
    433691 KB in use by the system.
     65536 KB occupied by the log file.
 895675968 KB available on disk.

      4096 bytes in each allocation unit.
 241745407 total allocation units on disk.
 223918992 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26213
Record Number: 95036
Source Name: Chkdsk
Time Written: 09-07-2015 @ 20:07:51
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.  

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is TI10675800F.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  299520 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  8040 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
                                                                                       
                                                                                       
  388812 index entries processed.                                                       

Index verification completed.
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        

                                                                                       
                                                                                       
  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                       
                                                                                       
  44647 data files processed.                                           

CHKDSK is verifying Usn Journal...
                                                                                       
                                                                                       
  40718512 USN bytes processed.                                                           

Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows has checked the file system and found problems.
Please run chkdsk /scan to find the problems and queue them for repair.

 966981631 KB total disk space.
  63167736 KB in 192377 files.
    144572 KB in 44648 indexes.
         0 KB in bad sectors.
    440847 KB in use by the system.
     65536 KB occupied by the log file.
 903228476 KB available on disk.

      4096 bytes in each allocation unit.
 241745407 total allocation units on disk.
 225807119 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 1001
Record Number: 93488
Source Name: Microsoft-Windows-Wininit
Time Written: 09-06-2015 @ 01:52:04
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is TI10675800F.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  299520 file records processed.                                                        

File verification completed.
Deleting orphan file record segment 1336.
Deleting orphan file record segment 1337.
Deleting orphan file record segment 1339.
Deleting orphan file record segment 3272.
Deleting orphan file record segment 3273.
Deleting orphan file record segment 3274.
Deleting orphan file record segment 3275.
Deleting orphan file record segment 100748.
Deleting orphan file record segment 100749.
Deleting orphan file record segment 100750.
Deleting orphan file record segment 100751.
  8055 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
Index entry ProgramData of index $I30 in file 0x5 points to unused file 0xcca.
Deleting index entry ProgramData in index $I30 of file 5.
Index entry PROGRA~3 of index $I30 in file 0x5 points to unused file 0xcca.
Deleting index entry PROGRA~3 in index $I30 of file 5.
Index entry en_US of index $I30 in file 0x537 points to unused file 0x538.
Deleting index entry en_US in index $I30 of file 1335.
Index entry WindowsPowerShell of index $I30 in file 0x9c0 points to unused file 0xcc8.
Deleting index entry WindowsPowerShell in index $I30 of file 2496.
Index entry WINDOW~1 of index $I30 in file 0x9c0 points to unused file 0xcc8.
Deleting index entry WINDOW~1 in index $I30 of file 2496.
Index entry f_0009c0 of index $I30 in file 0x2709 points to unused file 0x53b.
Deleting index entry f_0009c0 in index $I30 of file 9993.
Index entry {3276EE86-F5C6-42C2-AF04-107E8E87BA87}.bin of index $I30 in file 0x295b points to unused file 0x1898e.
Deleting index entry {3276EE86-F5C6-42C2-AF04-107E8E87BA87}.bin in index $I30 of file 10587.
Index entry {3276E~1.BIN of index $I30 in file 0x295b points to unused file 0x1898e.
Deleting index entry {3276E~1.BIN in index $I30 of file 10587.
Index entry SM178E~1.P7S of index $I30 in file 0x15438 points to unused file 0x539.
Deleting index entry SM178E~1.P7S in index $I30 of file 87096.
Index entry smime (8).p7s of index $I30 in file 0x15438 points to unused file 0x539.
Deleting index entry smime (8).p7s in index $I30 of file 87096.
Index entry Shared.AppButton_8_1_RP-591615d7.xaml of index $I30 in file 0x1cd44 points to unused file 0x1898c.
Deleting index entry Shared.AppButton_8_1_RP-591615d7.xaml in index $I30 of file 118084.
Index entry SHARED~1.XAM of index $I30 in file 0x1cd44 points to unused file 0x1898c.
Deleting index entry SHARED~1.XAM in index $I30 of file 118084.
Index entry NutritionAtoZ.js of index $I30 in file 0x3b509 points to unused file 0x1898d.
Deleting index entry NutritionAtoZ.js in index $I30 of file 242953.
Index entry ExerciseDetailsDataProvider.js of index $I30 in file 0x3b51f points to unused file 0x1898f.
Deleting index entry ExerciseDetailsDataProvider.js in index $I30 of file 242975.
  385818 index entries processed.                                                       

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
  34 unindexed files scanned.                                        

CHKDSK is recovering remaining unindexed files.
  34 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 2305 unused index entries from index $SII of file 0x9.
Cleaning up 2305 unused index entries from index $SDH of file 0x9.
Cleaning up 2305 unused security descriptors.
Security descriptor verification completed.
  43150 data files processed.                                           

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 966981631 KB total disk space.
  61314832 KB in 190905 files.
    143508 KB in 43154 indexes.
         0 KB in bad sectors.
    399619 KB in use by the system.
     65536 KB occupied by the log file.
 905123672 KB available on disk.

      4096 bytes in each allocation unit.
 241745407 total allocation units on disk.
 226280918 allocation units available on disk.

Internal Info:
00 92 04 00 50 92 03 00 96 ed 06 00 00 00 00 00  ....P...........
dd 02 00 00 56 00 00 00 00 00 00 00 00 00 00 00  ....V...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26213
Record Number: 93409
Source Name: Chkdsk
Time Written: 09-06-2015 @ 01:27:11
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.  

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is TI10675800F.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  299520 file records processed.                                                        

File verification completed.
File record segment 1336 is an orphan.
File record segment 1337 is an orphan.
File record segment 1339 is an orphan.
File record segment 3272 is an orphan.
File record segment 3273 is an orphan.
File record segment 3274 is an orphan.
File record segment 3275 is an orphan.
File record segment 100748 is an orphan.
File record segment 100749 is an orphan.
File record segment 100750 is an orphan.
File record segment 100751 is an orphan.
                                                                                       
                                                                                       
  8055 large file records processed.                                   


Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 93375
Source Name: Chkdsk
Time Written: 09-06-2015 @ 01:12:54
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x1,0xcc8>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 93372
Source Name: Chkdsk
Time Written: 09-06-2015 @ 01:12:39
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x6,0x538>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 93365
Source Name: Chkdsk
Time Written: 09-06-2015 @ 01:10:37
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 93364
Source Name: Chkdsk
Time Written: 09-06-2015 @ 01:10:21
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 3 corruption records ...

Record 1 of 3: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 3: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 3 of 3: Corrupt File "<0xe6,0x53b>" ... no corruption found.

3 corruption records processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 93056
Source Name: Chkdsk
Time Written: 09-05-2015 @ 23:50:12
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 93002
Source Name: Chkdsk
Time Written: 09-05-2015 @ 23:29:05
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92931
Source Name: Chkdsk
Time Written: 09-05-2015 @ 23:17:13
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92868
Source Name: Chkdsk
Time Written: 09-05-2015 @ 22:59:49
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92666
Source Name: Chkdsk
Time Written: 09-05-2015 @ 22:07:47
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolumeShadowCopy21
The specified object was not found.

A snapshot error occured while scanning this drive. Run an offline scan and fix.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92616
Source Name: Chkdsk
Time Written: 09-05-2015 @ 21:47:31
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x6,0x538>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92567
Source Name: Chkdsk
Time Written: 09-05-2015 @ 21:28:32
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92497
Source Name: Chkdsk
Time Written: 09-05-2015 @ 21:05:34
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92423
Source Name: Chkdsk
Time Written: 09-05-2015 @ 20:57:06
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92356
Source Name: Chkdsk
Time Written: 09-05-2015 @ 20:52:29
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92242
Source Name: Chkdsk
Time Written: 09-05-2015 @ 20:27:40
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92203
Source Name: Chkdsk
Time Written: 09-05-2015 @ 20:07:36
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 92123
Source Name: Chkdsk
Time Written: 09-05-2015 @ 19:48:02
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 91209
Source Name: Chkdsk
Time Written: 09-03-2015 @ 22:11:51
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 91106
Source Name: Chkdsk
Time Written: 09-03-2015 @ 21:47:31
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 3 corruption records ...

Record 1 of 3: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 3: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 3 of 3: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

3 corruption records processed in 1.6 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26226
Record Number: 90700
Source Name: Chkdsk
Time Written: 09-03-2015 @ 12:18:42
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Windows cannot perform an online scan on the volume because it is in the "Full Chkdsk Needed" state.
Please run "chkdsk /f" to repair the volume.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26226
Record Number: 90647
Source Name: Chkdsk
Time Written: 09-03-2015 @ 12:06:05
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Windows cannot perform an online scan on the volume because it is in the "Full Chkdsk Needed" state.
Please run "chkdsk /f" to repair the volume.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 90596
Source Name: Chkdsk
Time Written: 09-01-2015 @ 21:47:08
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26226
Record Number: 90595
Source Name: Chkdsk
Time Written: 09-01-2015 @ 21:46:54
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Windows cannot perform an online scan on the volume because it is in the "Full Chkdsk Needed" state.
Please run "chkdsk /f" to repair the volume.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 90585
Source Name: Chkdsk
Time Written: 09-01-2015 @ 21:41:58
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0xe6,0x53b>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 90461
Source Name: Chkdsk
Time Written: 09-01-2015 @ 21:11:20
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 90381
Source Name: Chkdsk
Time Written: 09-01-2015 @ 20:52:40
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 3 corruption records ...

Record 1 of 3: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 3: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 3 of 3: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

3 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 88050
Source Name: Chkdsk
Time Written: 08-29-2015 @ 02:21:24
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 87979
Source Name: Chkdsk
Time Written: 08-29-2015 @ 02:05:11
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 87817
Source Name: Chkdsk
Time Written: 08-28-2015 @ 22:26:51
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolumeShadowCopy4
The specified object was not found.

A snapshot error occured while scanning this drive. Run an offline scan and fix.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 87492
Source Name: Chkdsk
Time Written: 08-28-2015 @ 20:32:18
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26226
Record Number: 87448
Source Name: Chkdsk
Time Written: 08-28-2015 @ 01:35:44
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Windows cannot perform an online scan on the volume because it is in the "Full Chkdsk Needed" state.
Please run "chkdsk /f" to repair the volume.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 87241
Source Name: Chkdsk
Time Written: 08-28-2015 @ 00:02:06
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0xe6,0x53b>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 86378
Source Name: Chkdsk
Time Written: 08-22-2015 @ 00:15:43
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0xe6,0x53b>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: ATeam
Event Code: 26228
Record Number: 86288
Source Name: Chkdsk
Time Written: 08-21-2015 @ 23:29:39
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume4
Volume label is TI10675800F.

Examining 2 corruption records ...

Record 1 of 2: Corrupt File "<0x1,0xcca>" ... no corruption found.

Record 2 of 2: Corrupt File "<0x3e,0x1898e>" ... no corruption found.

2 corruption records processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
 


  • 0

#9
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Please run a CHKDSK scan on this system and report the findings.  To do this ....
 
Click Start > type cmd in the Search programs and files box.  Right click on the cmd.exe and select Run as Administrator.
 
 
In the Windows Command Processor window, type the following and press Enter.
 
sfc /scannow
 
(Notice the spacing in the command string).

Please wait for the scan to finish and note the information it provides (it will tell you that everything was fine, all errors were corrected or that there were corrupt files that it could not fix).  Please post back here the status.
 


  • 0

#10
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

It stated:

 

Windows Resource Protection found corrupt files but was unable to fix some of them. Details are located in the CBS.Log windir\Logs\CBS\CBS.log. Note that logging is currently not supported in offline servicing scenarios.


  • 0



#11
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Let's get a deeper look at what it could not repair ...

Click Start > type cmd in the Search programs and files box.  Right click on the cmd.exe and select Run as Administrator.
 
 
In the Windows Command Processor window, type the following and press Enter.
 
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt
 
(Notice the spacing in the command string).

Please attach the resulting file located in C:\Windows\System32\sfcdetails.txt .  Thanks.


  • 0

#12
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

I did as requested above, but am having issues when attempting to find the file to attach. When I go to the folder normally, the file is there, when I attempt to attach it, it isn't there. Would you like for me to copy and paste the contents of the file or does it need to be attached?

 

EDIT: SEE NEXT POST....I was able to attach after saving to the desktop.


Edited by data_dumb, 26 September 2015 - 08:31 AM.

  • 0

#13
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

I saved it to the desktop, from the system 32 folder and attached it.

Attached Files


  • 0

#14
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thank you for the log; I will update my instructions to first copy the file to the desktop and then post it.

 

Please download Farbar Service Scanner to your desktop and double click on the file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 


  • 0

#15
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

Farbar Service Scanner Version: 26-07-2015
Ran by A-TEAM (administrator) on 26-09-2015 at 12:11:04
Running from "C:\Users\A-TEAM\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0
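
Added example, not part of the thread and not code from the Farbar tool: a Python sketch that triages an FSS.txt like the one posted in #15, pulling out stopped services, start types that differ from the default the log itself reports, registry values listed under a "... Policy" heading, and any File Check entry not marked as signed. The name `triage_fss` and the rule that a section title sits directly above a row of `=` are assumptions inferred from the layout of the posted log.

```python
import re

# Excerpt of the FSS.txt posted in #15 (File Check list cut to two entries).
FSS_LOG = r'''
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
'''

STOPPED = re.compile(r'^(\S+) Service is not running')
START = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                   r'The default start type is (\w+)\.')
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VAL = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_CHECK = re.compile(r'^(.+?) => (.+)$')


def triage_fss(text):
    """Return the entries of an FSS log that deviate from a default setup."""
    out = {"stopped": [], "start_type": [], "policy": [], "unsigned": []}
    section, key = None, None
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        # Assumption: a section title is the line directly above a row of '='.
        if i + 1 < len(lines) and line.endswith(':') and set(lines[i + 1].strip()) == {'='}:
            section, key = line[:-1], None
            continue
        if m := STOPPED.match(line):
            out["stopped"].append(m.group(1))
        elif m := START.match(line):
            name, actual, default = m.groups()
            if actual != default:
                out["start_type"].append((name, actual, default))
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif (m := REG_VAL.match(line)) and section and section.endswith("Policy"):
            out["policy"].append((section, key, m.group(1), m.group(3)))
        elif (m := FILE_CHECK.match(line)) and section == "File Check":
            if m.group(2) != "File is digitally signed":
                out["unsigned"].append(m.group(1))
    return out


if __name__ == "__main__":
    print(triage_fss(FSS_LOG))
```

A flagged entry is a lead for follow-up rather than a verdict: the first post mentions McAfee, and a third-party antivirus commonly leaves Windows Defender turned off.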





