Computer may be infected, continuous issues and errors installing/runni

office 2013 error message download error message opening documen

  • This topic is locked

#46
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Ok; that is conclusive proof that the policy / profiles are not correct on this system.

Windows 8 and above give an easier way to recover from these errors (than previous Windows did), but before we explore that route I need to ask if you have a Windows 8.1 installation disk?

In the meantime, delete the additional Users you added to the system by:

  • Press Windows key + X and select the "Control Panel"
  • Go to User Accounts and Family Safety > Remove user accounts (under User Accounts)
  • Select the user account you want to delete and click "Delete the Account".
  • Confirm the information on keeping or deleting the files (should delete them).

  • 0



#47
data_dumb

    Member

  • Topic Starter
  • 42 posts

Ok; that is conclusive proof that the policy / profiles are not correct on this system.

Windows 8 and above give an easier way to recover from these errors (than previous Windows did), but before we explore that route I need to ask if you have a Windows 8.1 installation disk?

In the meantime, delete the additional Users you added to the system by:

  • Press Windows key + X and select the "Control Panel"
  • Go to User Accounts and Family Safety > Remove user accounts (under User Accounts)
  • Select the user account you want to delete and click "Delete the Account".
  • Confirm the information on keeping or deleting the files (should delete them).

No, I do not have a disc. I'm not even sure the laptop came with one; if it did, we lost it during our two moves within the last three years. I will delete the other profiles.
  • 0

#48
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Let's undo the changes to the file / folder views so that you are back to the view as before:

 

  • Right click bottom left corner and select File Explorer
  • Click view and then on the right Options (change folder and search options)
  • Select View tab
  • Put the radio button in Don't Show Hidden Files
  • Place a tick in the Hide Extensions for known file types (if this was there to begin with)
  • Place a tick in the Hide Operating System files
  • Click OK

The desktop.ini file (with the Gear in the icon view) should now be 'gone' and viewing files and folders in Explorer should now be back to your regular views.

 

To reset the policy / permissions on the system, a Windows 8 / 8.1 Refresh can be used. This leaves the user files and data intact but repairs the Windows installation. Please read through this tutorial on this to see if you want to go this direction: How To Refresh A Windows 8.1 Installation Without Losing Your Data.


  • 0

#49
data_dumb

    Member

  • Topic Starter
  • 42 posts

Let's undo the changes to the file / folder views so that you are back to the view as before:

 

  • Right click bottom left corner and select File Explorer
  • Click view and then on the right Options (change folder and search options)
  • Select View tab
  • Put the radio button in Don't Show Hidden Files
  • Place a tick in the Hide Extensions for known file types (if this was there to begin with)
  • Place a tick in the Hide Operating System files
  • Click OK

The desktop.ini file (with the Gear in the icon view) should now be 'gone' and viewing files and folders in Explorer should now be back to your regular views.

 

To reset the policy / permissions on the system, a Windows 8 / 8.1 Refresh can be used. This leaves the user files and data intact but repairs the Windows installation. Please read through this tutorial on this to see if you want to go this direction: How To Refresh A Windows 8.1 Installation Without Losing Your Data.

 

 

I completed all as instructed. I attempted to refresh, and it would not. After I clicked on "Refresh your PC without affecting your files", a blue banner came across the screen, "Preparing, please wait", then it stated "There was a problem refreshing your PC, no changes were made". There was an option to check online for solutions; I clicked it with no results.


Edited by data_dumb, 13 October 2015 - 08:18 AM.

  • 0

#50
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Before we continue on, I want to look one more time for any signs of malware on the system.  Everything seems to point to policy / permission settings being the problem here but I just want to make sure I did not overlook any detail.  Thanks.

 

We need to get a fresh scan from FRST.

  • If you do not have a copy of FRST64.exe on your desktop, you can download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


  • 0

#51
data_dumb

    Member

  • Topic Starter
  • 42 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by A-TEAM (administrator) on ATEAM (15-10-2015 11:46:23)
Running from C:\Users\A-TEAM\Desktop\Computer Aid
Loaded Profiles: A-TEAM (Available Profiles: A-TEAM & ATEAM & TEST ACCOUNT & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corp.) C:\Users\A-TEAM\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Spotify Web Helper] => C:\Users\A-TEAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Facebook Update] => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-03] (Facebook Inc.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Spotify] => C:\Users\A-TEAM\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-02] (Spotify Ltd)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [OffCAT] => C:\Users\A-TEAM\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe [356504 2015-07-09] (Microsoft Corp.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {1e0349ae-7a69-11e3-8262-a4db307c2082} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {a9a86dd9-136c-11e4-827b-a4db307c2082} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {d2178b98-9e98-11e4-8298-a4db307c2082} - "F:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{027CF7D7-4952-4D79-9497-304660F3B912}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7A38CE4B-9F90-4E52-9B27-8BAF8CE03453}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-13] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default
FF DefaultSearchEngine.US: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-952693156-1331711187-3647457651-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\A-TEAM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\searchplugins\McSiteAdvisor.xml [2015-09-24]
FF Extension: MediaPlayer - C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\Extensions\[email protected] [2015-06-27]
FF Extension: Pin It Button - C:\Users\A-TEAM\AppData\Roaming\Mozilla\Firefox\Profiles\fq7i3ocx.default\Extensions\[email protected] [2014-12-28]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-09-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows ® Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-29] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1817704 2012-11-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 19:35 - 2015-10-13 19:35 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-13 17:45 - 2015-10-13 17:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-13 10:38 - 2015-10-13 10:38 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-10-13 10:32 - 2015-10-13 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-13 10:32 - 2015-10-13 10:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-13 10:31 - 2015-10-13 10:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-13 09:31 - 2015-10-13 10:00 - 2201997312 _____ C:\Users\A-TEAM\Downloads\HomeStudentRetail.img
2015-10-10 12:11 - 2015-10-10 12:11 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1007
2015-10-10 12:11 - 2015-10-10 12:11 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\ATI
2015-10-10 12:11 - 2015-10-10 12:11 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\ATI
2015-10-10 12:09 - 2015-10-10 12:09 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\CrashDumps
2015-10-10 12:08 - 2015-10-10 12:08 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55FD4F31-2FF6-41C8-B197-66B6A0E86ECF}
2015-10-10 12:06 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Apple Computer
2015-10-10 12:06 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\TOSHIBA
2015-10-10 12:05 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\Packages
2015-10-10 12:05 - 2015-10-10 12:06 - 00000000 ____D C:\Users\TEST ACCOUNT
2015-10-10 12:05 - 2015-10-10 12:05 - 00001453 _____ C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-10 12:05 - 2015-10-10 12:05 - 00000020 ___SH C:\Users\TEST ACCOUNT\ntuser.ini
2015-10-10 12:05 - 2015-10-10 12:05 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Adobe
2015-10-10 12:05 - 2015-10-10 12:05 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\VirtualStore
2015-10-10 12:05 - 2015-08-16 11:56 - 00000000 ___RD C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-10 12:05 - 2015-08-14 10:07 - 00000000 ___RD C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-10 12:05 - 2015-03-14 19:45 - 00000000 ___RD C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-10 12:05 - 2015-02-12 14:36 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Macromedia
2015-10-10 12:05 - 2014-02-21 23:37 - 00000369 _____ C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-10 12:05 - 2014-02-21 23:37 - 00000369 _____ C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-10 12:05 - 2013-12-15 11:38 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Local\Google
2015-10-10 12:05 - 2013-08-22 10:36 - 00000000 ____D C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-09 14:45 - 2015-10-09 14:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-09 14:45 - 2015-10-09 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-09 09:21 - 2015-10-09 09:21 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1006
2015-10-09 09:21 - 2015-10-09 09:21 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\ATI
2015-10-09 09:21 - 2015-10-09 09:21 - 00000000 ____D C:\Users\ATEAM\AppData\Local\ATI
2015-10-09 09:20 - 2015-10-09 09:20 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB5E0AA8-061C-4490-8BFC-7EDD5A919EA8}
2015-10-09 08:56 - 2015-10-09 08:56 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Apple Computer
2015-10-09 08:56 - 2015-10-09 08:56 - 00000000 ____D C:\Users\ATEAM\AppData\Local\TOSHIBA
2015-10-09 08:54 - 2015-10-09 08:56 - 00000000 ____D C:\Users\ATEAM\AppData\Local\Packages
2015-10-09 08:54 - 2015-10-09 08:54 - 00001453 _____ C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-09 08:54 - 2015-10-09 08:54 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Adobe
2015-10-09 08:54 - 2015-10-09 08:54 - 00000000 ____D C:\Users\ATEAM\AppData\Local\VirtualStore
2015-10-09 08:52 - 2015-10-09 08:55 - 00000000 ____D C:\Users\ATEAM
2015-10-09 08:52 - 2015-10-09 08:52 - 00000020 ___SH C:\Users\ATEAM\ntuser.ini
2015-10-09 08:52 - 2015-08-16 11:56 - 00000000 ___RD C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 08:52 - 2015-08-14 10:07 - 00000000 ___RD C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 08:52 - 2015-03-14 19:45 - 00000000 ___RD C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 08:52 - 2015-02-12 14:36 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Macromedia
2015-10-09 08:52 - 2014-02-21 23:37 - 00000369 _____ C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-09 08:52 - 2014-02-21 23:37 - 00000369 _____ C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-09 08:52 - 2013-12-15 11:38 - 00000000 ____D C:\Users\ATEAM\AppData\Local\Google
2015-10-09 08:52 - 2013-08-22 10:36 - 00000000 ____D C:\Users\ATEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-08 13:03 - 2015-10-08 13:03 - 00000162 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).zip
2015-10-08 13:02 - 2015-10-08 13:03 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).partial
2015-10-08 13:00 - 2015-10-08 13:01 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1).partial
2015-10-07 17:19 - 2015-10-07 17:19 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2015-10-07 17:19 - 2015-10-07 17:19 - 00000000 ____D C:\Users\Guest\AppData\Local\ATI
2015-10-07 17:14 - 2015-10-07 17:14 - 00001453 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-07 17:14 - 2015-10-07 17:14 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Local\TOSHIBA
2015-10-07 17:14 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2015-10-07 17:13 - 2015-10-07 17:14 - 00000000 ____D C:\Users\Guest
2015-10-07 17:13 - 2015-08-16 11:56 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-07 17:13 - 2015-08-14 10:07 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-07 17:13 - 2015-03-14 19:45 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-07 17:13 - 2015-02-12 14:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2015-10-07 17:13 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-07 17:13 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-07 17:13 - 2013-12-15 11:38 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-10-07 17:13 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-06 08:17 - 2015-10-06 08:17 - 00000000 ____D C:\ProgramData\Symantec
2015-10-06 07:52 - 2015-10-06 07:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-06 07:51 - 2015-10-06 07:51 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-04 17:25 - 2015-10-15 11:46 - 00000000 ____D C:\Users\A-TEAM\Desktop\Computer Aid
2015-10-04 17:20 - 2015-10-08 13:10 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6.partial
2015-10-04 16:00 - 2015-10-15 09:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 16:00 - 2015-10-13 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-04 16:00 - 2015-10-13 19:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 16:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 16:00 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-04 16:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 16:00 - 2015-10-04 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-02 21:55 - 2015-10-02 21:59 - 00000000 ____D C:\AdwCleaner
2015-10-02 19:30 - 2015-10-02 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 13:03 - 2015-09-30 13:03 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool
2015-09-30 13:03 - 2015-09-30 13:03 - 00000000 ____D C:\StartMenuOffCATFolder
2015-09-26 09:07 - 2015-09-26 09:07 - 00072638 _____ C:\Windows\system32\sfcdetails.txt
2015-09-23 10:59 - 2015-09-23 10:59 - 00001943 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-09-23 10:59 - 2015-09-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-23 10:58 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-09-23 10:57 - 2015-09-23 10:57 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-23 10:57 - 2015-09-23 10:57 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-09-23 10:55 - 2015-09-25 08:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-23 10:55 - 2015-09-23 10:58 - 00000000 ____D C:\Program Files\McAfee
2015-09-23 10:55 - 2015-09-23 10:55 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-23 10:55 - 2015-09-23 10:55 - 00000000 ____D C:\Program Files\McAfee.com
2015-09-23 10:55 - 2015-09-23 10:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-23 10:51 - 2015-09-23 10:58 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-23 10:51 - 2015-06-29 10:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-09-23 10:50 - 2015-09-23 10:50 - 08102800 _____ (McAfee, Inc.) C:\Users\A-TEAM\Desktop\Setup_serial_YhO7Vp-VaO2JMFmsQTl3YQ2_key.exe
2015-09-22 17:24 - 2015-10-15 11:46 - 00000000 ____D C:\FRST
2015-09-22 17:06 - 2015-09-22 17:06 - 00197679 _____ C:\Users\A-TEAM\Downloads\ListChkdskResult(1).exe
2015-09-22 16:58 - 2015-09-22 16:58 - 00197679 _____ C:\Users\A-TEAM\Downloads\ListChkdskResult.exe
2015-09-22 16:51 - 2015-09-22 16:51 - 02023693 _____ C:\Users\A-TEAM\Downloads\tweaking.com_registry_backup_portable(1).zip
2015-09-22 16:50 - 2015-09-22 16:51 - 02023693 _____ C:\Users\A-TEAM\Downloads\tweaking.com_registry_backup_portable.zip
2015-09-21 13:53 - 2015-09-21 13:55 - 222396474 _____ C:\Users\A-TEAM\Downloads\GT-RockBackingTracks.zip
2015-09-17 18:17 - 2015-09-17 18:17 - 00000000 ____D C:\Users\A-TEAM\Downloads\unclass-installroot_v3-16a
2015-09-17 18:16 - 2015-09-17 18:16 - 01845266 _____ C:\Users\A-TEAM\Downloads\unclass-installroot_v3-16a.zip
2015-09-17 18:11 - 2015-09-17 18:12 - 00958037 _____ C:\Users\A-TEAM\Downloads\HomeUserCertTool_V03 (1).zip
2015-09-17 18:10 - 2015-09-17 18:10 - 00958037 _____ C:\Users\A-TEAM\Downloads\HomeUserCertTool_V03.zip
2015-09-17 18:01 - 2015-10-04 15:50 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\DoD-PKE
2015-09-17 17:26 - 2015-09-17 17:28 - 20487592 _____ C:\Users\A-TEAM\Downloads\OMPF documents.zip
2015-09-17 08:46 - 2015-09-17 08:46 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39
2015-09-16 09:56 - 2015-10-10 12:19 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-09-16 09:42 - 2015-10-13 19:11 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Skype
2015-09-16 09:42 - 2015-10-09 14:45 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-16 09:42 - 2015-10-09 14:45 - 00000000 ____D C:\ProgramData\Skype
2015-09-16 09:42 - 2015-09-16 09:42 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\Skype
2015-09-16 09:40 - 2015-09-16 09:40 - 00000000 ____D C:\Program Files\AMD
2015-09-16 09:38 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-09-16 09:38 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-09-16 09:38 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-09-16 09:38 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-09-16 09:33 - 2015-08-06 14:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-16 09:33 - 2015-08-06 14:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-16 09:33 - 2015-08-06 14:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-16 09:33 - 2015-08-06 14:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-16 09:33 - 2015-08-06 11:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-16 09:33 - 2015-08-06 11:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-16 09:33 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-09-16 09:33 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-09-16 09:33 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-09-16 09:33 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-09-16 09:33 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-09-16 09:33 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-09-16 09:33 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-09-16 09:33 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-09-16 09:33 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-09-16 09:33 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-09-16 09:33 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-09-16 09:33 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-09-16 09:33 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-09-16 09:33 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-09-16 09:33 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-09-16 09:33 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-09-16 09:33 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-09-16 09:33 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-09-16 09:33 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-09-16 09:33 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-09-16 09:33 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-09-16 09:33 - 2014-10-28 22:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-09-16 09:33 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-09-16 09:32 - 2015-08-10 13:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-16 09:32 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-16 09:32 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-16 09:32 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-16 09:32 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-16 09:32 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-16 09:32 - 2015-08-07 16:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-16 09:32 - 2015-08-07 16:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-16 09:32 - 2015-08-07 16:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-16 09:32 - 2015-08-07 09:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-16 09:32 - 2015-08-06 12:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-16 09:32 - 2015-08-06 11:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-16 09:32 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-09-16 09:32 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-09-16 09:32 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-09-16 09:32 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-09-16 09:32 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-09-16 09:32 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-09-16 09:32 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-09-16 09:32 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-09-16 09:32 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-09-16 09:32 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-09-16 09:32 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-09-16 09:32 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-09-16 09:32 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-09-16 09:32 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-09-16 09:32 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-09-16 09:32 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-09-16 09:32 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-09-16 09:32 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-09-16 09:32 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-09-16 09:32 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-09-16 09:32 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-09-16 09:32 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-09-16 09:32 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-09-16 09:32 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-09-16 09:32 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-16 09:32 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-09-16 09:32 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-09-16 09:32 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-09-16 09:32 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-09-16 09:32 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-09-16 09:32 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-09-16 09:32 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-09-16 09:32 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-09-16 09:32 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-09-16 09:32 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-09-16 09:32 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-09-16 09:32 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-09-16 09:32 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-09-16 09:32 - 2014-10-16 23:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-09-16 09:32 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-09-16 09:29 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:29 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:29 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-16 09:29 - 2015-06-09 17:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-09-16 09:29 - 2015-06-09 17:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-09-16 09:29 - 2015-06-09 17:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-09-15 16:40 - 2015-09-15 16:40 - 00891392 _____ (Farbar) C:\Users\A-TEAM\Downloads\MiniToolBox.exe
2015-09-15 14:50 - 2015-09-15 14:50 - 00000000 ____D C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(2)
2015-09-15 14:48 - 2015-09-15 14:49 - 18071383 _____ C:\Users\A-TEAM\Downloads\tweaking.com_windows_repair_aio(2).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 11:45 - 2015-09-04 14:31 - 02043925 _____ C:\Windows\WindowsUpdate.log
2015-10-15 11:23 - 2013-12-19 20:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-15 11:22 - 2014-04-03 20:17 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA.job
2015-10-15 11:02 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-15 10:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-15 10:51 - 2013-10-09 02:20 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 10:35 - 2013-12-27 00:47 - 00000000 ____D C:\Users\A-TEAM\AppData\Roaming\Spotify
2015-10-15 09:56 - 2013-12-27 00:48 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\Spotify
2015-10-14 08:51 - 2015-08-30 23:46 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39.job
2015-10-13 21:23 - 2013-12-19 20:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-13 21:00 - 2013-12-16 12:42 - 03878912 ___SH C:\Users\A-TEAM\Desktop\Thumbs.db
2015-10-13 20:22 - 2014-04-03 20:17 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core.job
2015-10-13 19:43 - 2013-12-15 11:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952693156-1331711187-3647457651-1001
2015-10-13 19:12 - 2013-09-12 00:37 - 00765714 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-13 19:08 - 2015-01-01 13:09 - 00000000 ____D C:\Users\A-TEAM\OneDrive
2015-10-13 19:07 - 2013-10-09 02:20 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 19:06 - 2015-09-05 14:39 - 00005529 _____ C:\Windows\setupact.log
2015-10-13 19:06 - 2013-12-15 11:29 - 00000000 ____D C:\Users\A-TEAM
2015-10-13 19:06 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-13 17:46 - 2015-05-01 09:55 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 09:20 - 2013-10-09 02:17 - 32095742 _____ C:\Users\Public\CAFADEBUG.log
2015-10-10 12:20 - 2015-09-05 23:06 - 00113714 _____ C:\Windows\PFRO.log
2015-10-10 12:20 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-08 14:01 - 2013-12-26 23:27 - 00000000 ____D C:\Users\A-TEAM\Documents\Anthony
2015-10-08 12:05 - 2013-12-19 20:43 - 01620992 ___SH C:\Users\A-TEAM\Downloads\Thumbs.db
2015-10-08 08:39 - 2015-04-04 15:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 17:34 - 2015-04-04 15:57 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-07 09:52 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-06 16:22 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-10-06 14:55 - 2013-08-22 09:44 - 00391352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-06 11:30 - 2013-08-22 08:25 - 00000128 _____ C:\Windows\win.ini
2015-10-06 11:22 - 2015-09-05 21:56 - 00765714 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-04 16:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Branding
2015-10-02 21:49 - 2013-12-15 18:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-02 20:50 - 2013-12-15 23:14 - 00000000 ____D C:\Users\A-TEAM\Desktop\Amanda
2015-09-30 23:09 - 2014-07-16 22:47 - 00000000 ____D C:\Users\A-TEAM\Desktop\1906427
2015-09-28 14:35 - 2013-12-23 11:59 - 00000000 ____D C:\Users\A-TEAM\AppData\Local\CrashDumps
2015-09-24 09:41 - 2015-02-28 19:10 - 00000000 ____D C:\Users\A-TEAM\AppData\LocalLow\Temp
2015-09-24 09:41 - 2013-12-15 11:33 - 00000000 ____D C:\Windows\System32\Tasks\Norton Anti-Theft
2015-09-24 09:35 - 2015-09-07 14:42 - 00000000 ____D C:\ProgramData\McAfee
2015-09-23 10:57 - 2015-09-12 06:46 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-09-17 12:34 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-09-17 08:46 - 2013-10-09 02:20 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 16:30 - 2015-09-05 20:49 - 00000000 __SHD C:\found.000
2015-09-16 12:28 - 2015-04-02 22:13 - 00013831 _____ C:\Users\A-TEAM\Desktop\INFO v2.xlsx
2015-09-16 09:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-09-16 09:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\setup
2015-09-15 13:29 - 2015-09-06 01:16 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-952693156-1331711187-3647457651-1001

Some files in TEMP:
====================
C:\Users\A-TEAM\AppData\Local\Temp\OfficeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-06 15:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by A-TEAM (2015-10-15 11:48:34)
Running from C:\Users\A-TEAM\Desktop\Computer Aid
Windows 8.1 (X64) (2013-12-15 16:29:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

A-TEAM (S-1-5-21-952693156-1331711187-3647457651-1001 - Administrator - Enabled) => C:\Users\A-TEAM
Administrator (S-1-5-21-952693156-1331711187-3647457651-500 - Administrator - Disabled)
ATEAM (S-1-5-21-952693156-1331711187-3647457651-1006 - Limited - Enabled) => C:\Users\ATEAM
Guest (S-1-5-21-952693156-1331711187-3647457651-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-952693156-1331711187-3647457651-1003 - Limited - Enabled)
TEST ACCOUNT (S-1-5-21-952693156-1331711187-3647457651-1007 - Limited - Enabled) => C:\Users\TEST ACCOUNT

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.0.12510 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D71FAC89-D061-7BDB-C3C2-A5BAAEA26CBC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-02C5-070A-140F0201138D}) (Version: 2.1.5005.709 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4433.1508 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MULTIFIT visualization tool (HKLM-x32\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 1.7 - Multi Fit)
Multifit_Elearning (HKLM-x32\...\com.MultifitElearning) (Version: 1.9 - UNKNOWN)
Multifit_Elearning (x32 Version: 1.9 - UNKNOWN) Hidden
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-09-2015 09:40:44 Restore Point Created by FRST
30-09-2015 13:02:34 Installed Microsoft Office Configuration Analyzer Tool 2.1
02-10-2015 21:41:52 JRT Pre-Junkware Removal
03-10-2015 00:35:19 McAfee Vulnerability Scanner
04-10-2015 15:49:27 Removed InstallRoot
07-10-2015 17:33:23 Windows Update
09-10-2015 14:43:18 McAfee Vulnerability Scanner

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-10-06 11:30 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A910B0A-A630-4172-92A2-1159F7494578} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-952693156-1331711187-3647457651-1001
Task: {2C38235E-4764-4B91-A406-FF9233725FB5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {57BD9BB6-9CE8-41A1-ABF3-D7FE7FDA8850} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] ()
Task: {59B7B84D-4002-467C-8383-255BE9DEF924} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {61A02317-A4A3-46E9-B831-0C5C68CDAE3A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {65BDF8DD-A245-4243-91D6-EB685ADA5850} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-03] (Facebook Inc.)
Task: {74DCC224-7062-45E6-AE8C-572E92D41E3A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {781B68A3-6B53-45AC-9D36-6B22F06F3EF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-11-22] (Microsoft Corporation)
Task: {871A3DF0-BB59-4996-A043-4B7AEDE3FB39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-952693156-1331711187-3647457651-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {8809BDAB-4180-4D22-96D6-C429E13A7357} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8A14202A-1702-4EC7-BB1E-685560681A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {93613264-BCE1-4BC5-8B7B-7BCF3C3052E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-13] (Adobe Systems Incorporated)
Task: {A16B98DC-70DB-4165-8B9F-8BDD67AFBCC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-03] (Facebook Inc.)
Task: {A7D13113-9E1C-476F-BFB1-907E8691940D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2F38ED8-7791-432B-910A-7BA97F29C4DE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {C4D1BAC3-9D33-4326-9F00-07CB6F2F2476} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {C8F2D03C-1ADB-40A8-BB12-7C5A133D3E58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {EE470B74-6A73-49A0-95F9-7A9B97A09CC2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001Core.job => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952693156-1331711187-3647457651-1001UA.job => C:\Users\A-TEAM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3a811a26d39.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 14:54 - 2013-09-10 14:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-10-13 10:31 - 2012-11-02 19:33 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2015-10-13 10:31 - 2012-11-02 19:32 - 00499264 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2015-10-13 10:31 - 2012-11-02 19:32 - 00601152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-10-13 10:34 - 2015-10-13 10:34 - 06522480 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-09 02:09 - 2013-08-28 19:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 15:24 - 2013-08-01 15:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2013-08-22 02:19 - 2013-08-22 01:54 - 00050176 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2015-08-02 19:30 - 2015-08-02 19:30 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-03-11 20:12 - 2015-10-02 21:51 - 50680424 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libcef.dll
2015-03-11 20:12 - 2015-10-02 21:51 - 01882728 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libglesv2.dll
2015-03-11 20:12 - 2015-10-02 21:51 - 00083048 _____ () C:\Users\A-TEAM\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\A-TEAM\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\A-TEAM\Desktop\10494674_10152290541721523_808374366938200630_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "FastMediaConverter.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{31DDD3F4-0513-4E9F-B893-CA7DC71329CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F24FF3CC-F29A-4499-BE22-878745E35555}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2015 11:31:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1668
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (10/15/2015 10:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x17d8
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (10/15/2015 10:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.10208.0, time stamp: 0x55b5cf7a
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc0000005
Fault offset: 0x00000000000017be
Faulting process id: 0x1fac
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (10/15/2015 10:05:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x11f0
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (10/15/2015 10:03:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1668

Start Time: 01d1068c54976c66

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: dbf0cd1b-734c-11e5-82fa-a4db307c2082

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/15/2015 10:01:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1094
Faulting application start time: 0xmcupdate.exe0
Faulting application path: mcupdate.exe1
Faulting module path: mcupdate.exe2
Report Id: mcupdate.exe3
Faulting package full name: mcupdate.exe4
Faulting package-relative application ID: mcupdate.exe5

Error: (10/15/2015 09:58:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ATEAM)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/15/2015 09:58:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fe4

Start Time: 01d10759ab4779db

Termination Time: 4294967295

Application Path: UNKNOWN

Report Id: 26de6145-734d-11e5-82fa-a4db307c2082

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/15/2015 09:56:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ATEAM)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2015 12:27:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11547


System errors:
=============
Error: (10/15/2015 10:06:29 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (10/15/2015 10:04:48 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (10/15/2015 09:59:44 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (10/15/2015 09:58:13 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (10/15/2015 09:56:27 AM) (Source: DCOM) (EventID: 10001) (User: ATEAM)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (10/14/2015 09:27:23 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (10/14/2015 09:22:29 AM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (10/13/2015 07:14:20 PM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (10/13/2015 07:12:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (10/13/2015 07:09:11 PM) (Source: DCOM) (EventID: 10010) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}


CodeIntegrity:
===================================
  Date: 2015-10-13 19:07:26.739
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-10 12:21:48.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 09:24:25.934
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 09:16:07.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 09:00:04.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 08:54:03.852
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-07 09:51:25.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-06 14:57:39.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-22 17:02:50.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-22 11:39:58.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 7374.26 MB
Available physical RAM: 4575.17 MB
Total Virtual: 8526.26 MB
Available Virtual: 5006.43 MB

==================== Drives ================================

Drive c: (TI10675800F) (Fixed) (Total:922.19 GB) (Free:848.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#52
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Seems some things have come back that I thought we had taken care of ...

FIRST >>>>

Open Notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad. Save it to your desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {1e0349ae-7a69-11e3-8262-a4db307c2082} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {a9a86dd9-136c-11e4-827b-a4db307c2082} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {d2178b98-9e98-11e4-8298-a4db307c2082} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
FF DefaultSearchEngine.US: Secure Search
2015-10-08 13:02 - 2015-10-08 13:03 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).partial
2015-10-08 13:00 - 2015-10-08 13:01 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1).partial
C:\Users\A-TEAM\AppData\Local\Temp\OfficeSetup.exe
Task: {74DCC224-7062-45E6-AE8C-572E92D41E3A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
C:\Program Files (x86)\Norton Anti-Theft
Task: {EE470B74-6A73-49A0-95F9-7A9B97A09CC2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


SECOND >>>>

I did not see any signs of these viewers on the system so I want to see if this will at least get the MS Office files open and viewed.

 

Please download one or both of the following:

Word Viewer

Excel Viewer

 

Please install one of these and see if you can open the corresponding office document with the viewer.  If successful, see if Office will repeat that.

 


  • 0

#53
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by A-TEAM (2015-10-18 12:19:19) Run:2
Running from C:\Users\A-TEAM\Desktop
Loaded Profiles: A-TEAM (Available Profiles: A-TEAM & ATEAM & TEST ACCOUNT & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {1e0349ae-7a69-11e3-8262-a4db307c2082} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {a9a86dd9-136c-11e4-827b-a4db307c2082} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\...\MountPoints2: {d2178b98-9e98-11e4-8298-a4db307c2082} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> DefaultScope {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {95E77644-C85D-4E84-AA35-1EAEAF7E753A} URL =
SearchScopes: HKU\S-1-5-21-952693156-1331711187-3647457651-1001 -> {E117D019-363C-499C-86B6-7154504445CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US550D20150923&p={searchTerms}
FF DefaultSearchEngine.US: Secure Search
2015-10-08 13:02 - 2015-10-08 13:03 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).partial
2015-10-08 13:00 - 2015-10-08 13:01 - 00000000 _____ C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1).partial
C:\Users\A-TEAM\AppData\Local\Temp\OfficeSetup.exe
Task: {74DCC224-7062-45E6-AE8C-572E92D41E3A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
C:\Program Files (x86)\Norton Anti-Theft
Task: {EE470B74-6A73-49A0-95F9-7A9B97A09CC2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e0349ae-7a69-11e3-8262-a4db307c2082}" => key removed successfully
HKCR\CLSID\{1e0349ae-7a69-11e3-8262-a4db307c2082} => key not found.
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9a86dd9-136c-11e4-827b-a4db307c2082}" => key removed successfully
HKCR\CLSID\{a9a86dd9-136c-11e4-827b-a4db307c2082} => key not found.
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2178b98-9e98-11e4-8298-a4db307c2082}" => key removed successfully
HKCR\CLSID\{d2178b98-9e98-11e4-8298-a4db307c2082} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95E77644-C85D-4E84-AA35-1EAEAF7E753A}" => key removed successfully
HKCR\CLSID\{95E77644-C85D-4E84-AA35-1EAEAF7E753A} => key not found.
"HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E117D019-363C-499C-86B6-7154504445CC}" => key removed successfully
HKCR\CLSID\{E117D019-363C-499C-86B6-7154504445CC} => key not found.
Firefox DefaultSearchEngine.US removed successfully
C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1) (1).partial => moved successfully
C:\Users\A-TEAM\Downloads\OMPF.zip.jni3ar6 (1).partial => moved successfully
C:\Users\A-TEAM\AppData\Local\Temp\OfficeSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74DCC224-7062-45E6-AE8C-572E92D41E3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74DCC224-7062-45E6-AE8C-572E92D41E3A}" => key removed successfully
C:\Windows\System32\Tasks\Norton Anti-Theft\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => key removed successfully
"C:\Program Files (x86)\Norton Anti-Theft" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE470B74-6A73-49A0-95F9-7A9B97A09CC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE470B74-6A73-49A0-95F9-7A9B97A09CC2}" => key removed successfully
C:\Windows\System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Auto Maintenance Task Agent" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 96.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:21:06 ====


  • 0

#54
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you; that went fine and removed all that was found.  One last scan for anything improper .....
 

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please.  Thanks.


  • 0

#55
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

As requested.

Attached Files


  • 0



#56
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CreateRestorePoint:
CloseProcesses:
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\853753386E8206264DAB7EB3655847F5D6E44DB9
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\9E577015F930A0476F9F78E1637B9588405BB85E
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\CACD37DD25F8BE6082EB18C94759BA7D5603D989
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\E4D065671648F7F8447B0AE37E25411E9056E074
C:\Program Files (x86)\Re-Markable
[-HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
[-HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}]
[-HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
[-HKCU\Software\AppDataLow\Software\Re_Markable]
[-HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\AppDataLow\Software\Re_Markable]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end



NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
  • 0

#57
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by A-TEAM (2015-10-21 04:35:26) Run:3
Running from C:\Users\A-TEAM\Desktop
Loaded Profiles: A-TEAM (Available Profiles: A-TEAM & ATEAM & TEST ACCOUNT & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\853753386E8206264DAB7EB3655847F5D6E44DB9
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\9E577015F930A0476F9F78E1637B9588405BB85E
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\CACD37DD25F8BE6082EB18C94759BA7D5603D989
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\E4D065671648F7F8447B0AE37E25411E9056E074
C:\Program Files (x86)\Re-Markable
[-HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
[-HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}]
[-HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
[-HKCU\Software\AppDataLow\Software\Re_Markable]
[-HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\AppDataLow\Software\Re_Markable]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\853753386E8206264DAB7EB3655847F5D6E44DB9 => moved successfully
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\9E577015F930A0476F9F78E1637B9588405BB85E => moved successfully
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\CACD37DD25F8BE6082EB18C94759BA7D5603D989 => moved successfully
C:\Users\Alaina\AppData\Local\Mozilla\Firefox\Profiles\8wnhnbin.default\cache2\entries\E4D065671648F7F8447B0AE37E25411E9056E074 => moved successfully
"C:\Program Files (x86)\Re-Markable" => File/Folder not found.
HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} => key removed successfully
HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} => key removed successfully
HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} => key not found.
HKCU\Software\AppDataLow\Software\Re_Markable => key not found.
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\AppDataLow\Software\Re_Markable => key not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 218.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 04:37:21 ====


  • 0
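A Fixlog like the ones posted above is reviewed by reading each `=>` result line. The sketch below is an added example, not part of the thread and not FRST's own code: it tallies the outcomes and lists any target whose first removal attempt failed with no success line after it. The sample is constructed from lines in the Fixlogs above plus one made-up key (`HKLM\SOFTWARE\Example\Constructed`); `parse_fixlog` and the outcome labels are hypothetical names.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the Fixlogs in this thread.
# "removed" is tested before "moved", and "moved" needs a word boundary,
# because "removed successfully" contains the text "moved successfully".
OUTCOMES = [
    ("retry", re.compile(r"could not remove at first attempt \(ErrorCode: ([0-9A-Fa-f]+)\)")),
    ("removed", re.compile(r"(?:key|value) removed successfully")),
    ("moved", re.compile(r"\bmoved successfully")),
    ("not_found", re.compile(r"(?:key|File/Folder) not found")),
]

# Constructed sample: real lines from the logs above, plus one invented key
# that fails its first attempt and never gets a success line.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
C:\Program Files (x86)\Re-Markable
[-HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
end
*****************

Restore point was successfully created.
"C:\Program Files (x86)\Re-Markable" => File/Folder not found.
HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} => key removed successfully
HKCU\Software\AppDataLow\Software\Re_Markable => key not found.
C:\Users\A-TEAM\AppData\Local\Temp\OfficeSetup.exe => moved successfully
HKLM\SOFTWARE\Example\Constructed => could not remove at first attempt (ErrorCode: C0000121), see next line.
EmptyTemp: => 218.7 MB temporary data Removed.
'''


def classify(result):
    """Map the text after '=>' to an outcome label and optional error code."""
    for name, pattern in OUTCOMES:
        match = pattern.search(result)
        if match:
            return name, (match.group(1) if match.groups() else None)
    return "other", None


def parse_fixlog(text):
    """Tally result lines and report first-attempt failures never resolved."""
    lines = text.splitlines()
    # The log echoes the fixlist between two rows of asterisks. Echoed script
    # lines can contain '=>' themselves, so results start after the second row.
    rows = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    start = rows[1] + 1 if len(rows) >= 2 else 0

    counts = Counter()
    pending = {}  # target -> error code from a failed first attempt
    for line in lines[start:]:
        target, sep, result = line.strip().partition(" => ")
        if not sep:
            continue  # headers, command output, lines without a result
        target = target.strip('"')
        outcome, code = classify(result)
        counts[outcome] += 1
        if outcome == "retry":
            pending[target] = code
        elif outcome in ("removed", "moved"):
            pending.pop(target, None)  # a later success clears the retry
    return {"counts": dict(counts), "unresolved": pending}


if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(report["counts"])
    for target, code in report["unresolved"].items():
        print(f"UNRESOLVED {target} (ErrorCode: {code})")
```

Result lines without `=>`, such as "Firefox DefaultSearchEngine.US removed successfully", are not counted by this sketch.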

#58
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

Do you see any issues with me upgrading to Windows 10, or shall I wait until this process is over? I've uninstalled Microsoft Office until we have figured out what the issue is. Thanks.


  • 0

#59
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

You actually have arrived at what I was going to suggest; your system / logs are clean and if you are looking to upgrade to Win10 then this would be a great time to do so.

 

I would recommend two things to do first:

1)  Remove the extra accounts from the system

2)  Just before you start the Win10 "install", uninstall McAfee.


  • 0

#60
data_dumb

    Member

  • Topic Starter
  • Member
  • 42 posts

You actually have arrived at what I was going to suggest; your system / logs are clean and if you are looking to upgrade to Win10 then this would be a great time to do so.

 

I would recommend two things to do first:

1)  Remove the extra accounts from the system

2)  Just before you start the Win10 "install", uninstall McAfee.

 

Everything was going well until the last bit of the download. I received an error message that

 

"Windows 10 couldn't be installed"

Failed: 1 update

Error(s) found: Code C190011F  Windows update ran into a problem.

 

This happened three times. The first time I clicked "Try again", and the same happened. The second time I clicked on the "Get help with this error" hyperlink, followed the troubleshooter for the problem that updates failed to install, and tried again, with the same results. I went to my Windows updates and ran any failed or uncompleted updates and restarted my system, then tried to download it again. Same error. I am banging my head on my keyboard here! What is missing, or on here that shouldn't be, that is causing the issues with Office and now Windows 10?

 

On a side note, my wife has access to Microsoft Office 2016, but I will not allow her to download it until I figure out what the problem is on this computer. Thank you for your help thus far. What else do you have for me that could potentially put a nail in this coffin?


  • 0





