Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by A-TEAM (administrator) on ATEAM (15-10-2015 11:46:23)
Running from C:\Users\A-TEAM\Desktop\Computer Aid
Loaded Profiles: A-TEAM (Available Profiles: A-TEAM & ATEAM & TEST ACCOUNT & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corp.) C:\Users\A-TEAM\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Spotify Web Helper] => C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Facebook Update] => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-03] (Facebook Inc.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Spotify] => C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [OffCAT] => C:\Users\A-TEAM\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe [356504 2015-07-09] (Microsoft Corp.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {1e0349ae-7a69-11e3-8262-a4db307c2082} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {a9a86dd9-136c-11e4-827b-a4db307c2082} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {d2178b98-9e98-11e4-8298-a4db307c2082} - "F:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{027CF7D7-4952-4D79-9497-304660F3B912}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7A38CE4B-9F90-4E52-9B27-8BAF8CE03453}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-13] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default
FF DefaultSearchEngine.US: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-952693156-1331711187-3647457651-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\A-TEAM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\searchplugins\McSiteAdvisor.xml [2015-09-24]
FF Extension: MediaPlayer - C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\Extensions\[email protected] [2015-06-27]
FF Extension: Pin It Button - C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\Extensions\[email protected] [2014-12-28]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-09-23]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows ® Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-29] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1817704 2012-11-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-13 19:35 - 2015-10-13 19:35 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-13 17:45 - 2015-10-13 17:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-13 10:38 - 2015-10-13 10:38 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-10-13 10:32 - 2015-10-13 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-13 10:32 - 2015-10-13 10:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-13 10:31 - 2015-10-13 10:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-13 09:31 - 2015-10-13 10:00 - 2201997312 _____ C:\Users\A-TEAM\Downloads\HomeStudentRetail.img
2015-10-10 12:11 - 2015-10-10 12:11 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1007
2015-10-10 12:11 - 2015-10-10 12:11 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\ATI
2015-10-10 12:11 - 2015-10-10 12:11 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\ATI
2015-10-10 12:09 - 2015-10-10 12:09 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\CrashDumps
2015-10-10 12:08 - 2015-10-10 12:08 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55FD4F31-2FF6-41C8-B197-66B6A0E86ECF}
2015-10-10 12:06 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Apple Computer
2015-10-10 12:06 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\TOSHIBA
2015-10-10 12:05 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\Packages
2015-10-10 12:05 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT
2015-10-10 12:05 - 2015-10-10 12:05 - 00001453 _____ C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-10 12:05 - 2015-10-10 12:05 - 00000020 ___SH C:\Users\TEST ACCOUNT\ntuser.ini
2015-10-10 12:05 - 2015-10-10 12:05 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Adobe
2015-10-10 12:05 - 2015-10-10 12:05 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\VirtualStore
2015-10-10 12:05 - 2015-08-16 11:56 - 00000000 ___RD C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-10 12:05 - 2015-08-14 10:07 - 00000000 ___RD C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-10 12:05 - 2015-03-14 19:45 - 00000000 ___RD C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-10 12:05 - 2015-02-12 14:36 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Macromedia
2015-10-10 12:05 - 2014-02-21 23:37 - 00000369 _____ C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-10 12:05 - 2014-02-21 23:37 - 00000369 _____ C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-10 12:05 - 2013-12-15 11:38 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\Google
2015-10-10 12:05 - 2013-08-22 10:36 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-09 14:45 - 2015-10-09 14:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-09 14:45 - 2015-10-09 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-09 09:21 - 2015-10-09 09:21 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1006
2015-10-09 09:21 - 2015-10-09 09:21 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\ATI
2015-10-09 09:21 - 2015-10-09 09:21 - 00000000 ____D C:\Users\ATEAM\AppData\Local\ATI
2015-10-09 09:20 - 2015-10-09 09:20 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB5E0AA8-061C-4490-8BFC-7EDD5A919EA8}
2015-10-09 08:56 - 2015-10-09 08:56 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Apple Computer
2015-10-09 08:56 - 2015-10-09 08:56 - 00000000 ____D C:\Users\ATEAM\AppData\Local\TOSHIBA
2015-10-09 08:54 - 2015-10-09 08:56 - 00000000 ____D C:\Users\ATEAM\AppData\Local\Packages
2015-10-09 08:54 - 2015-10-09 08:54 - 00001453 _____ C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-09 08:54 - 2015-10-09 08:54 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Adobe
2015-10-09 08:54 - 2015-10-09 08:54 - 00000000 ____D C:\Users\ATEAM\AppData\Local\VirtualStore
2015-10-09 08:52 - 2015-10-09 08:55 - 00000000 ____D C:\Users\ATEAM
2015-10-09 08:52 - 2015-10-09 08:52 - 00000020 ___SH C:\Users\ATEAM\ntuser.ini
2015-10-09 08:52 - 2015-08-16 11:56 - 00000000 ___RD C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 08:52 - 2015-08-14 10:07 - 00000000 ___RD C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 08:52 - 2015-03-14 19:45 - 00000000 ___RD C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 08:52 - 2015-02-12 14:36 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Macromedia
2015-10-09 08:52 - 2014-02-21 23:37 - 00000369 _____ C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-09 08:52 - 2014-02-21 23:37 - 00000369 _____ C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-09 08:52 - 2013-12-15 11:38 - 00000000 ____D C:\Users\ATEAM\AppData\Local\Google
2015-10-09 08:52 - 2013-08-22 10:36 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-08 13:03 - 2015-10-08 13:03 - 00000162 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).zip
2015-10-08 13:02 - 2015-10-08 13:03 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).partial
2015-10-08 13:00 - 2015-10-08 13:01 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1).partial
2015-10-07 17:19 - 2015-10-07 17:19 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2015-10-07 17:19 - 2015-10-07 17:19 - 00000000 ____D C:\Users\Guest\AppData\Local\ATI
2015-10-07 17:14 - 2015-10-07 17:14 - 00001453 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-07 17:14 - 2015-10-07 17:14 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Local\TOSHIBA
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2015-10-07 17:13 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest
2015-10-07 17:13 - 2015-08-16 11:56 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-07 17:13 - 2015-08-14 10:07 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-07 17:13 - 2015-03-14 19:45 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-07 17:13 - 2015-02-12 14:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2015-10-07 17:13 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-07 17:13 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-07 17:13 - 2013-12-15 11:38 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-10-07 17:13 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-06 08:17 - 2015-10-06 08:17 - 00000000 ____D C:\ProgramData\Symantec
2015-10-06 07:52 - 2015-10-06 07:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-06 07:51 - 2015-10-06 07:51 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-04 17:25 - 2015-10-15 11:46 - 00000000 ____D C:\Users\A-TEAM\Desktop\Computer Aid
2015-10-04 17:20 - 2015-10-08 13:10 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6.partial
2015-10-04 16:00 - 2015-10-15 09:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 16:00 - 2015-10-13 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-04 16:00 - 2015-10-13 19:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 16:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 16:00 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-04 16:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 16:00 - 2015-10-04 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-02 21:55 - 2015-10-02 21:59 - 00000000 ____D C:\AdwCleaner
2015-10-02 19:30 - 2015-10-02 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 13:03 - 2015-09-30 13:03 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool
2015-09-30 13:03 - 2015-09-30 13:03 - 00000000 ____D C:\StartMenuOffCATFolder
2015-09-26 09:07 - 2015-09-26 09:07 - 00072638 _____ C:\Windows\system32\sfcdetails.txt
2015-09-23 10:59 - 2015-09-23 10:59 - 00001943 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-09-23 10:59 - 2015-09-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-23 10:58 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-09-23 10:57 - 2015-09-23 10:57 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-23 10:57 - 2015-09-23 10:57 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-09-23 10:55 - 2015-09-25 08:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-23 10:55 - 2015-09-23 10:58 - 00000000 ____D C:\Program Files\McAfee
2015-09-23 10:55 - 2015-09-23 10:55 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-23 10:55 - 2015-09-23 10:55 - 00000000 ____D C:\Program Files\McAfee.com
2015-09-23 10:55 - 2015-09-23 10:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-23 10:51 - 2015-09-23 10:58 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-23 10:51 - 2015-06-29 10:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-09-23 10:50 - 2015-09-23 10:50 - 08102800 _____ (McAfee, Inc.) C:\Users\A-TEAM\Desktop\Setup_serial_YhO7Vp-VaO2JMFmsQTl3YQ2_key.exe
2015-09-22 17:24 - 2015-10-15 11:46 - 00000000 ____D C:\FRST
2015-09-22 17:06 - 2015-09-22 17:06 - 00197679 _____ C:\Users\A-TEAM\Downloads\ListChkdskResult(1).exe
2015-09-22 16:58 - 2015-09-22 16:58 - 00197679 _____ C:\Users\A-TEAM\Downloads\ListChkdskResult.exe
2015-09-22 16:51 - 2015-09-22 16:51 - 02023693 _____ C:\Users\A-TEAM\Downloads\tweaking.com_registry_backup_portable(1).zip
2015-09-22 16:50 - 2015-09-22 16:51 - 02023693 _____ C:\Users\A-TEAM\Downloads\tweaking.com_registry_backup_portable.zip
2015-09-21 13:53 - 2015-09-21 13:55 - 222396474 _____ C:\Users\A-TEAM\Downloads\GT-RockBackingTracks.zip
2015-09-17 18:17 - 2015-09-17 18:17 - 00000000 ____D C:\Users\A-TEAM\Downloads\unclass-installroot_v3-16a
2015-09-17 18:16 - 2015-09-17 18:16 - 01845266 _____ C:\Users\A-TEAM\Downloads\unclass-installroot_v3-16a.zip
2015-09-17 18:11 - 2015-09-17 18:12 - 00958037 _____ C:\Users\A-TEAM\Downloads\HomeUserCertTool_V03 (1).zip
2015-09-17 18:10 - 2015-09-17 18:10 - 00958037 _____ C:\Users\A-TEAM\Downloads\HomeUserCertTool_V03.zip
2015-09-17 18:01 - 2015-10-04 15:50 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\DoD-PKE
2015-09-17 17:26 - 2015-09-17 17:28 - 20487592 _____ C:\Users\A-TEAM\Downloads\OMPF documents.zip
2015-09-17 08:46 - 2015-09-17 08:46 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39
2015-09-16 09:56 - 2015-10-10 12:19 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-09-16 09:42 - 2015-10-13 19:11 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Skype
2015-09-16 09:42 - 2015-10-09 14:45 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-16 09:42 - 2015-10-09 14:45 - 00000000 ____D C:\ProgramData\Skype
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\Skype
2015-09-16 09:40 - 2015-09-16 09:40 - 00000000 ____D C:\Program Files\AMD
2015-09-16 09:38 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-09-16 09:38 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-09-16 09:38 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-09-16 09:38 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-09-16 09:33 - 2015-08-06 14:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-16 09:33 - 2015-08-06 14:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-16 09:33 - 2015-08-06 14:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-16 09:33 - 2015-08-06 14:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-16 09:33 - 2015-08-06 11:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-16 09:33 - 2015-08-06 11:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-16 09:33 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-09-16 09:33 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-09-16 09:33 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-09-16 09:33 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-09-16 09:33 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-09-16 09:33 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-09-16 09:33 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-09-16 09:33 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-09-16 09:33 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-09-16 09:33 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-09-16 09:33 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-09-16 09:33 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-09-16 09:33 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-09-16 09:33 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-09-16 09:33 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-09-16 09:33 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-09-16 09:33 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-09-16 09:33 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-09-16 09:33 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-09-16 09:33 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-09-16 09:33 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-09-16 09:33 - 2014-10-28 22:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-09-16 09:33 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-09-16 09:32 - 2015-08-10 13:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-16 09:32 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-16 09:32 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-16 09:32 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-16 09:32 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-16 09:32 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-16 09:32 - 2015-08-07 16:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 09:32 - 2015-08-07 16:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-16 09:32 - 2015-08-07 09:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-16 09:32 - 2015-08-06 12:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-16 09:32 - 2015-08-06 11:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-16 09:32 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-09-16 09:32 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-09-16 09:32 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-09-16 09:32 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-09-16 09:32 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-09-16 09:32 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-09-16 09:32 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-09-16 09:32 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-09-16 09:32 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-09-16 09:32 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-09-16 09:32 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-09-16 09:32 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-09-16 09:32 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-09-16 09:32 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-09-16 09:32 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-09-16 09:32 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-09-16 09:32 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-09-16 09:32 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-09-16 09:32 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-09-16 09:32 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-09-16 09:32 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-09-16 09:32 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-09-16 09:32 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-09-16 09:32 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-09-16 09:32 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-16 09:32 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-09-16 09:32 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-09-16 09:32 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-09-16 09:32 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-09-16 09:32 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-09-16 09:32 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-09-16 09:32 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-09-16 09:32 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-09-16 09:32 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-09-16 09:32 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-09-16 09:32 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-09-16 09:32 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-09-16 09:32 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-09-16 09:32 - 2014-10-16 23:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-09-16 09:32 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-09-16 09:29 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:29 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-16 09:29 - 2015-06-09 17:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-09-16 09:29 - 2015-06-09 17:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-09-16 09:29 - 2015-06-09 17:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-09-15 16:40 - 2015-09-15 16:40 - 00891392 _____ (Farbar) C:\Users\A-TEAM\Downloads\MiniToolBox.exe
2015-09-15 14:50 - 2015-09-15 14:50 - 00000000 ____D C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(2)
2015-09-15 14:48 - 2015-09-15 14:49 - 18071383 _____ C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(2).zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-15 11:45 - 2015-09-04 14:31 - 02043925 _____ C:\Windows\WindowsUpdate.log
2015-10-15 11:23 - 2013-12-19 20:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-15 11:22 - 2014-04-03 20:17 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA.job
2015-10-15 11:02 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-15 10:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-15 10:51 - 2013-10-09 02:20 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 10:35 - 2013-12-27 00:47 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Spotify
2015-10-15 09:56 - 2013-12-27 00:48 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\Spotify
2015-10-14 08:51 - 2015-08-30 23:46 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39.job
2015-10-13 21:23 - 2013-12-19 20:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-13 21:00 - 2013-12-16 12:42 - 03878912 ___SH C:\Users\A-TEAM\Desktop\Thumbs.db
2015-10-13 20:22 - 2014-04-03 20:17 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core.job
2015-10-13 19:43 - 2013-12-15 11:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1001
2015-10-13 19:12 - 2013-09-12 00:37 - 00765714 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-13 19:08 - 2015-01-01 13:09 - 00000000 ____D C:\Users\A-TEAM\OneDrive
2015-10-13 19:07 - 2013-10-09 02:20 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 19:06 - 2015-09-05 14:39 - 00005529 _____ C:\Windows\setupact.log
2015-10-13 19:06 - 2013-12-15 11:29 - 00000000 ____D C:\Users\A-TEAM
2015-10-13 19:06 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-13 17:46 - 2015-05-01 09:55 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 09:20 - 2013-10-09 02:17 - 32095742 _____ C:\Users\Public\CAFADEBUG.log
2015-10-10 12:20 - 2015-09-05 23:06 - 00113714 _____ C:\Windows\PFRO.log
2015-10-10 12:20 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-08 14:01 - 2013-12-26 23:27 - 00000000 ____D C:\Users\A-TEAM\Documents\Anthony
2015-10-08 12:05 - 2013-12-19 20:43 - 01620992 ___SH C:\Users\A-TEAM\Downloads\Thumbs.db
2015-10-08 08:39 - 2015-04-04 15:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 17:34 - 2015-04-04 15:57 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-07 09:52 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-06 16:22 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-10-06 14:55 - 2013-08-22 09:44 - 00391352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-06 11:30 - 2013-08-22 08:25 - 00000128 _____ C:\Windows\win.ini
2015-10-06 11:22 - 2015-09-05 21:56 - 00765714 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-04 16:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Branding
2015-10-02 21:49 - 2013-12-15 18:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-02 20:50 - 2013-12-15 23:14 - 00000000 ____D C:\Users\A-TEAM\Desktop\Amanda
2015-09-30 23:09 - 2014-07-16 22:47 - 00000000 ____D C:\Users\A-TEAM\Desktop\1906427
2015-09-28 14:35 - 2013-12-23 11:59 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\CrashDumps
2015-09-24 09:41 - 2015-02-28 19:10 - 00000000 ____D C:\Users\A-TEAM\AppData\LocalLow\Temp
2015-09-24 09:41 - 2013-12-15 11:33 - 00000000 ____D C:\Windows\System32\Tasks\Norton Anti-Theft
2015-09-24 09:35 - 2015-09-07 14:42 - 00000000 ____D C:\ProgramData\McAfee
2015-09-23 10:57 - 2015-09-12 06:46 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-09-17 12:34 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-09-17 08:46 - 2013-10-09 02:20 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 16:30 - 2015-09-05 20:49 - 00000000 __SHD C:\found.000
2015-09-16 12:28 - 2015-04-02 22:13 - 00013831 _____ C:\Users\A-TEAM\Desktop\INFO v2.xlsx
2015-09-16 09:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-09-16 09:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\setup
2015-09-15 13:29 - 2015-09-06 01:16 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-952693156-1331711187-3647457651-1001
Some files in TEMP:
====================
C:\Users\A-TEAM\AppData\Local\Temp\OfficeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-06 15:17
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by A-TEAM (2015-10-15 11:48:34)
Running from C:\Users\A-TEAM\Desktop\Computer Aid
Windows 8.1 (X64) (2013-12-15 16:29:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
A-TEAM (S-1-5-21-952693156-1331711187-3647457651-1001 - Administrator - Enabled) => C:\Users\A-TEAM
Administrator (S-1-5-21-952693156-1331711187-3647457651-500 - Administrator - Disabled)
ATEAM (S-1-5-21-952693156-1331711187-3647457651-1006 - Limited - Enabled) => C:\Users\ATEAM
Guest (S-1-5-21-952693156-1331711187-3647457651-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-952693156-1331711187-3647457651-1003 - Limited - Enabled)
TEST ACCOUNT (S-1-5-21-952693156-1331711187-3647457651-1007 - Limited - Enabled) => C:\Users\TEST ACCOUNT
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.0.12510 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D71FAC89-D061-7BDB-C3C2-A5BAAEA26CBC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-02C5-070A-140F0201138D}) (Version: 2.1.5005.709 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4433.1508 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MULTIFIT visualization tool (HKLM-x32\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 1.7 - Multi Fit)
Multifit_Elearning (HKLM-x32\...\com.MultifitElearning) (Version: 1.9 - UNKNOWN)
Multifit_Elearning (x32 Version: 1.9 - UNKNOWN) Hidden
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
24-09-2015 09:40:44 Restore Point Created by FRST
30-09-2015 13:02:34 Installed Microsoft Office Configuration Analyzer Tool 2.1
02-10-2015 21:41:52 JRT Pre-Junkware Removal
03-10-2015 00:35:19 McAfee Vulnerability Scanner
04-10-2015 15:49:27 Removed InstallRoot
07-10-2015 17:33:23 Windows Update
09-10-2015 14:43:18 McAfee Vulnerability Scanner
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-10-06 11:30 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1A910B0A-A630-4172-92A2-1159F7494578} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-952693156-1331711187-3647457651-1001
Task: {2C38235E-4764-4B91-A406-FF9233725FB5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {57BD9BB6-9CE8-41A1-ABF3-D7FE7FDA8850} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] ()
Task: {59B7B84D-4002-467C-8383-255BE9DEF924} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {61A02317-A4A3-46E9-B831-0C5C68CDAE3A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {65BDF8DD-A245-4243-91D6-EB685ADA5850} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-03] (Facebook Inc.)
Task: {74DCC224-7062-45E6-AE8C-572E92D41E3A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {781B68A3-6B53-45AC-9D36-6B22F06F3EF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-11-22] (Microsoft Corporation)
Task: {871A3DF0-BB59-4996-A043-4B7AEDE3FB39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-952693156-1331711187-3647457651-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {8809BDAB-4180-4D22-96D6-C429E13A7357} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8A14202A-1702-4EC7-BB1E-685560681A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {93613264-BCE1-4BC5-8B7B-7BCF3C3052E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-13] (Adobe Systems Incorporated)
Task: {A16B98DC-70DB-4165-8B9F-8BDD67AFBCC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-03] (Facebook Inc.)
Task: {A7D13113-9E1C-476F-BFB1-907E8691940D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2F38ED8-7791-432B-910A-7BA97F29C4DE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {C4D1BAC3-9D33-4326-9F00-07CB6F2F2476} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {C8F2D03C-1ADB-40A8-BB12-7C5A133D3E58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {EE470B74-6A73-49A0-95F9-7A9B97A09CC2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core.job => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA.job => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 14:54 - 2013-09-10 14:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-10-13 10:31 - 2012-11-02 19:33 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2015-10-13 10:31 - 2012-11-02 19:32 - 00499264 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2015-10-13 10:31 - 2012-11-02 19:32 - 00601152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-10-13 10:34 - 2015-10-13 10:34 - 06522480 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-09 02:09 - 2013-08-28 19:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 15:24 - 2013-08-01 15:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2013-08-22 02:19 - 2013-08-22 01:54 - 00050176 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2015-08-02 19:30 - 2015-08-02 19:30 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-03-11 20:12 - 2015-10-02 21:51 - 50680424 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libcef.dll
2015-03-11 20:12 - 2015-10-02 21:51 - 01882728 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libglesv2.dll
2015-03-11 20:12 - 2015-10-02 21:51 - 00083048 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\A-TEAM\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\A-TEAM\Desktop\10494674_10152290541721523_808374366938200630_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "FastMediaConverter.lnk"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{31DDD3F4-0513-4E9F-B893-CA7DC71329CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F24FF3CC-F29A-4499-BE22-878745E35555}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/15/2015 11:31:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1668
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5
Error: (10/15/2015 10:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x17d8
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5
Error: (10/15/2015 10:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.10208.0, time stamp: 0x55b5cf7a
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc0000005
Fault offset: 0x00000000000017be
Faulting process id: 0x1fac
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5
Error: (10/15/2015 10:05:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x11f0
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5
Error: (10/15/2015 10:03:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1668
Start Time: 01d1068c54976c66
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: dbf0cd1b-734c-11e5-82fa-a4db307c2082
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (10/15/2015 10:01:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1094
Faulting application start time: 0xmcupdate.exe0
Faulting application path: mcupdate.exe1
Faulting module path: mcupdate.exe2
Report Id: mcupdate.exe3
Faulting package full name: mcupdate.exe4
Faulting package-relative application ID: mcupdate.exe5
Error: (10/15/2015 09:58:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ATEAM)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/15/2015 09:58:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1fe4
Start Time: 01d10759ab4779db
Termination Time: 4294967295
Application Path: UNKNOWN
Report Id: 26de6145-734d-11e5-82fa-a4db307c2082
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (10/15/2015 09:56:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ATEAM)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/14/2015 12:27:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11547
System errors:
=============
Error: (10/15/2015 10:06:29 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (10/15/2015 10:04:48 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (10/15/2015 09:59:44 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (10/15/2015 09:58:13 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (10/15/2015 09:56:27 AM) (Source: DCOM) (EventID: 10001) (User: ATEAM)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable
Error: (10/14/2015 09:27:23 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (10/14/2015 09:22:29 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (10/13/2015 07:14:20 PM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
Error: (10/13/2015 07:12:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
Error: (10/13/2015 07:09:11 PM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
CodeIntegrity:
===================================
Date: 2015-10-13 19:07:26.739
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-10 12:21:48.946
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-09 09:24:25.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-09 09:16:07.805
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-09 09:00:04.248
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-09 08:54:03.852
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-07 09:51:25.945
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-06 14:57:39.743
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-09-22 17:02:50.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-09-22 11:39:58.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A10-5750M APU with Radeon HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 7374.26 MB
Available physical RAM: 4575.17 MB
Total Virtual: 8526.26 MB
Available Virtual: 5006.43 MB
==================== Drives ================================
Drive c: (TI10675800F) (Fixed) (Total:922.19 GB) (Free:848.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================