Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CMD Keeps Popping Up - Computer Slow

Started by KylieDogLover , Mar 09 2017 08:00 PM

  • Please log in to reply

#1
KylieDogLover
Posted 09 March 2017 - 08:00 PM

KylieDogLover

    New Member

  • Member
  • Pip
  • 1 posts

Hello everyone,

 

My computer is extremely slow and the CMD keeps popping up. Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Kylie McFarland (administrator) on DESKTOP-F5CM8M5 (09-03-2017 20:43:35)
Running from C:\Users\Kylie McFarland\Desktop
Loaded Profiles: Kylie McFarland (Available Profiles: Kylie McFarland)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igfxEM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\System Setting\Hotkey\TCrdKBB.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe
(Flux Software LLC) C:\Users\Kylie McFarland\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
() C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [3018528 2015-06-01] (Portrait Displays, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Spotify Web Helper] => C:\Users\Kylie McFarland\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-21] (Spotify Ltd)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Spotify] => C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-21] (Spotify Ltd)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [f.lux] => C:\Users\Kylie McFarland\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2016-11-21]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{afc94792-10e7-43f6-a597-a0c8133408a7}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H16C1
SearchScopes: HKU\S-1-5-21-1176222283-3520375575-650995412-1001 -> DefaultScope {FEE638D5-96D0-4558-97E5-76AE0770DFCB} URL = 
SearchScopes: HKU\S-1-5-21-1176222283-3520375575-650995412-1001 -> {FEE638D5-96D0-4558-97E5-76AE0770DFCB} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-02] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-02] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-02-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-02-10] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-03-04] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-09-16] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://search-startpage.com/?s=toshibaupd&m=home&brw=ch
CHR StartupUrls: Default -> "hxxps://search-startpage.com/?s=toshibaupd&m=start&brw=ch"
CHR Profile: C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-20]
CHR Extension: (Google Docs) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20]
CHR Extension: (Google Drive) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20]
CHR Extension: (YouTube) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20]
CHR Extension: (Google Sheets) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\IntelCpHeciSvc.exe [302584 2017-01-15] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\IntelCpHDCPSvc.exe [480248 2017-01-15] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-16] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igfxCUIService.exe [342008 2017-01-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-23] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [379896 2015-07-03] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2017-02-01] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [323320 2016-08-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-21] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [330032 2015-11-20] (TOSHIBA)
R2 TOSTABSYSSVC; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe [240432 2015-10-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igdkmd64.sys [11058168 2017-01-15] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-09] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [7075568 2015-08-23] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-21] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 20:43 - 2017-03-09 20:46 - 00034181 _____ C:\Users\Kylie McFarland\Desktop\FRST.txt
2017-03-09 20:41 - 2017-03-09 20:43 - 00000000 ____D C:\FRST
2017-03-09 20:40 - 2017-03-09 20:41 - 02423808 _____ (Farbar) C:\Users\Kylie McFarland\Desktop\FRST64.exe
2017-03-09 20:35 - 2017-03-09 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-03-09 16:34 - 2017-03-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-08 19:07 - 2017-03-08 19:08 - 00013739 ____H C:\Users\Kylie McFarland\Desktop\~WRL1611.tmp
2017-03-08 17:59 - 2017-03-09 17:24 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 17:59 - 2017-03-08 17:59 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 17:59 - 2017-03-08 17:59 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-08 17:58 - 2017-03-08 17:58 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 17:58 - 2017-03-08 17:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 17:58 - 2017-03-08 17:58 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 17:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 17:56 - 2017-03-08 17:57 - 57131432 _____ (Malwarebytes ) C:\Users\Kylie McFarland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 14:02 - 2017-03-08 14:02 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-03-06 15:50 - 2017-03-06 15:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-06 12:30 - 2017-03-06 12:30 - 00143301 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021 - Definitions for Block 2.pdf
2017-03-01 21:24 - 2017-03-01 21:24 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-27 10:58 - 2017-03-09 19:09 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-26 19:27 - 2017-02-26 19:28 - 01683476 _____ C:\Users\Kylie McFarland\Downloads\Purdue OWL sample APA paper.pdf
2017-02-26 19:20 - 2017-02-26 19:20 - 02711952 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021 Chapter Five Power Point S17.pptx
2017-02-24 15:51 - 2016-07-20 10:12 - 00170992 _____ C:\Users\Kylie McFarland\Desktop\received_1143355222387914.jpeg
2017-02-24 15:51 - 2016-07-20 09:49 - 00593842 _____ C:\Users\Kylie McFarland\Desktop\received_1143355615721208.jpeg
2017-02-22 12:08 - 2017-02-22 12:08 - 00079120 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021 Chapter Five Handouts S16.pptx
2017-02-21 22:59 - 2017-02-26 19:43 - 00018291 ____H C:\Users\Kylie McFarland\Desktop\~WRL0005.tmp
2017-02-21 22:59 - 2017-02-21 23:01 - 00017392 ____H C:\Users\Kylie McFarland\Desktop\~WRL3781.tmp
2017-02-17 16:13 - 2017-02-17 16:13 - 00673496 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021Handouts for Chapter 4 S16.pptx
2017-02-15 12:23 - 2017-02-15 12:23 - 00673282 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021Handouts for Chapter 4 S16-1.pptx
2017-02-14 16:38 - 2017-02-07 11:39 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-13 13:13 - 2017-02-13 13:13 - 00000000 ___RD C:\Users\Kylie McFarland\3D Objects
2017-02-13 13:12 - 2017-02-13 13:12 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Roaming\me.digi
2017-02-13 09:57 - 2017-02-13 11:23 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\Spring 17
2017-02-13 09:57 - 2017-02-13 09:58 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\New Folders
2017-02-13 09:43 - 2017-03-03 15:36 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\Marketing
2017-02-11 09:44 - 2017-02-11 09:44 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (5).pdf
2017-02-11 09:44 - 2017-02-11 09:44 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (4).pdf
2017-02-11 09:44 - 2017-02-11 09:44 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (3).pdf
2017-02-10 13:42 - 2017-02-10 13:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 13:42 - 2017-02-10 13:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-07 17:16 - 2017-02-07 17:16 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (2).pdf
2017-02-07 17:15 - 2017-02-07 17:15 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (1).pdf
2017-02-07 17:14 - 2017-02-07 17:14 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 20:28 - 2016-08-24 12:20 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\Spotify
2017-03-09 20:27 - 2016-09-25 20:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 17:18 - 2017-01-22 17:44 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B8E21B1B-BE73-4471-86AF-5DBEBF2069DD}
2017-03-09 16:36 - 2016-08-31 11:49 - 00000000 ___RD C:\Users\Kylie McFarland\Dropbox
2017-03-09 16:35 - 2016-03-25 05:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-09 16:31 - 2016-08-24 12:19 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Roaming\Spotify
2017-03-09 16:29 - 2016-10-07 15:26 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\Adobe
2017-03-09 15:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 10:49 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 11:55 - 2016-08-20 09:26 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\App Place for Toshiba
2017-03-08 11:45 - 2016-08-25 22:01 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Roaming\Skype
2017-03-08 11:44 - 2017-01-16 10:02 - 00000000 ___RD C:\Users\Kylie McFarland\iCloudDrive
2017-03-08 11:43 - 2016-12-25 16:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-08 11:41 - 2016-08-20 09:26 - 00000000 __SHD C:\Users\Kylie McFarland\IntelGraphicsProfiles
2017-03-08 11:40 - 2016-09-25 20:22 - 00000000 ____D C:\Users\Kylie McFarland
2017-03-08 11:39 - 2016-09-25 20:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-06 21:21 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-03 16:09 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-03 16:08 - 2016-03-25 06:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-03 15:37 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-01 21:24 - 2017-02-03 17:50 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2017-03-01 12:59 - 2016-09-25 20:41 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-03-01 12:59 - 2016-09-25 20:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-27 19:58 - 2016-12-14 18:33 - 00003310 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-27 19:58 - 2016-08-21 19:38 - 00002404 _____ C:\Users\Kylie McFarland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-27 19:58 - 2016-08-20 09:30 - 00000000 ___RD C:\Users\Kylie McFarland\OneDrive
2017-02-26 23:29 - 2016-08-20 09:26 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\Packages
2017-02-26 19:27 - 2016-08-25 22:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-26 19:21 - 2016-08-25 22:03 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 16:24 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-13 09:58 - 2017-01-01 20:56 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\PHOTO
 
==================== Files in the root of some directories =======
 
2016-11-21 14:39 - 2016-11-21 14:39 - 0000604 ____H () C:\Program Files (x86)\Br1S
2016-11-21 14:31 - 2016-11-21 14:31 - 1575370 _____ () C:\Users\Kylie McFarland\AppData\Roaming\AvidApplicationManager_Install.log
2017-02-13 13:12 - 2017-02-13 13:12 - 0000258 _____ () C:\Users\Kylie McFarland\AppData\Local\digi.me-Internal-Helper.log
2016-09-25 20:16 - 2016-09-25 20:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-01-07 22:58 - 2017-01-07 22:58 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext11142030291533485.dll
2016-11-22 13:05 - 2016-11-22 13:06 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext1220965999079692697.dll
2016-12-06 10:48 - 2016-12-06 10:48 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext125451587652733510.dll
2016-12-06 10:49 - 2016-12-06 10:49 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext1258841136708843965.dll
2016-12-05 23:43 - 2016-12-05 23:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext1584672743979665973.dll
2016-12-27 23:38 - 2016-12-27 23:38 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2077103210606500094.dll
2017-01-06 13:57 - 2017-01-06 13:57 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2152539649107661038.dll
2016-11-21 14:40 - 2016-11-21 14:40 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext240219430093385370.dll
2016-11-24 12:27 - 2016-11-24 12:27 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2413568598558344315.dll
2017-01-07 23:10 - 2017-01-07 23:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2450596995055893917.dll
2017-01-07 13:10 - 2017-01-07 13:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2790604166316202425.dll
2016-12-12 08:10 - 2016-12-12 08:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2818353074128452874.dll
2016-12-31 00:58 - 2016-12-31 00:58 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2904386541787684632.dll
2017-01-03 15:12 - 2017-01-03 15:12 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2930280568925712597.dll
2016-12-23 22:11 - 2016-12-23 22:11 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext300215956878438413.dll
2016-11-30 08:25 - 2016-11-30 08:25 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3033098397045066273.dll
2016-12-19 12:01 - 2016-12-19 12:01 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3181854325650580446.dll
2016-12-06 16:36 - 2016-12-06 16:36 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3851655030422222077.dll
2016-12-23 14:09 - 2016-12-23 14:09 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3929343465193323303.dll
2016-12-31 00:56 - 2016-12-31 00:56 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext4177695764379234643.dll
2016-12-08 15:49 - 2016-12-08 15:49 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext4191458941260304294.dll
2016-11-29 23:47 - 2016-11-29 23:47 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext4579305488145237072.dll
2016-11-30 18:31 - 2016-11-30 18:31 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext461866442848525165.dll
2016-12-25 00:51 - 2016-12-25 00:51 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5052818807617536038.dll
2016-12-02 13:23 - 2016-12-02 13:23 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext507536794823114444.dll
2016-11-24 12:30 - 2016-11-24 12:30 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5158695721042234349.dll
2016-11-22 13:49 - 2016-11-22 13:49 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5189128375610296495.dll
2016-12-02 13:34 - 2016-12-02 13:34 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5237708321298925734.dll
2016-11-29 12:06 - 2016-11-29 12:06 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5323490126234642197.dll
2016-12-15 17:23 - 2016-12-15 17:23 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5340099635981723250.dll
2016-12-13 14:10 - 2016-12-13 14:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5392083961885581945.dll
2016-12-01 17:07 - 2016-12-01 17:07 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5493771969510168850.dll
2016-12-12 17:50 - 2016-12-12 17:50 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext552553432897856769.dll
2016-11-22 22:27 - 2016-11-22 22:27 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext56176752763730187.dll
2016-11-22 12:03 - 2016-11-22 12:03 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5669151882075152064.dll
2017-01-10 09:53 - 2017-01-10 09:53 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext571606586876947616.dll
2016-12-19 17:18 - 2016-12-19 17:18 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5728638858994728780.dll
2016-12-17 01:00 - 2016-12-17 01:00 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5746727722213736666.dll
2016-12-25 08:48 - 2016-12-25 08:48 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5777867671070179955.dll
2016-12-11 00:43 - 2016-12-11 00:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5794447246494544269.dll
2016-12-05 14:43 - 2016-12-05 14:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6088358457869937811.dll
2016-12-27 11:57 - 2016-12-27 11:57 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6112725453800717142.dll
2016-12-14 14:35 - 2016-12-14 14:35 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6177696777127060058.dll
2017-01-02 01:23 - 2017-01-02 01:23 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6249637177487091781.dll
2016-12-31 11:01 - 2016-12-31 11:01 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext630362675338826714.dll
2016-11-30 12:42 - 2016-11-30 12:42 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6475115811065085854.dll
2016-12-02 08:29 - 2016-12-02 08:29 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6717283325869078458.dll
2016-11-29 13:41 - 2016-11-29 13:41 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6731291073618412288.dll
2016-12-28 23:58 - 2016-12-28 23:58 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext697139318977930927.dll
2016-11-23 10:41 - 2016-11-23 10:41 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7083731519726470188.dll
2016-12-09 04:27 - 2016-12-09 04:27 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7094681995895828039.dll
2016-11-26 01:16 - 2016-11-26 01:16 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7172788450789200068.dll
2016-12-07 17:05 - 2016-12-07 17:05 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7339412193734789061.dll
2016-12-18 10:47 - 2016-12-18 10:47 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7576203505414247519.dll
2016-11-28 17:28 - 2016-11-28 17:28 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7578393393707143404.dll
2017-01-07 22:30 - 2017-01-07 22:30 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext786139258354987879.dll
2016-12-16 17:51 - 2016-12-16 17:51 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext8170777302129152379.dll
2017-01-10 09:36 - 2017-01-10 09:36 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext81966837122874324.dll
2017-01-04 15:38 - 2017-01-04 15:38 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext8364891532524950752.dll
2016-12-12 20:43 - 2016-12-12 20:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext839259246722324053.dll
2017-01-06 13:56 - 2017-01-06 13:56 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext919815768354557693.dll
2016-10-06 07:16 - 2016-10-06 07:16 - 58523704 _____ (SweetLabs,Inc.) C:\Users\Kylie McFarland\AppData\Local\Temp\octC58D.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-27 20:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Kylie McFarland (09-03-2017 20:51:53)
Running from C:\Users\Kylie McFarland\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 01:44:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1176222283-3520375575-650995412-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1176222283-3520375575-650995412-503 - Limited - Disabled)
Guest (S-1-5-21-1176222283-3520375575-650995412-501 - Limited - Disabled)
Kylie McFarland (S-1-5-21-1176222283-3520375575-650995412-1001 - Administrator - Enabled) => C:\Users\Kylie McFarland
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{5437E77B-E4B5-45E7-BD33-95C3F0AA6602}) (Version: 10.17.0228 - Amazon) <==== ATTENTION
App Place for Toshiba (HKLM-x32\...\App Place for Toshiba) (Version: 4.13.22 - IS AppCloud Software)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.8.13040 - Avid Technology, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth® Link (HKLM\...\{936D21BF-3344-4B20-BC4C-3B67580C19F5}) (Version: 4.3.04 - Toshiba Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.06.7 - Portrait Displays, Inc.)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6312.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.6312.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4425.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4425.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
digi.me (HKLM-x32\...\digi.me) (Version: 7.0.9 - digi.me Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
f.lux (HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Flux) (Version:  - )
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 1.1.383 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{31C74FA2-2AB9-41C3-BFBE-693283E4C28B}) (Version: 17.1.1527.1534 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.12000 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7870.2013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Rory's Restaurant (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.4.2.231 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.8 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.2.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.4.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.17.000 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.02.0002.02 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.7.6401 - Toshiba Corporation)
TOSHIBA User Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.03 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.1.2 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11552 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1176222283-3520375575-650995412-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A43B719B35A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1176222283-3520375575-650995412-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0488F793-6CA9-4EA7-8C9D-0A58D0AF223B} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {0AC20E7F-86D3-4C90-AB66-C99A4C49884C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {13D00CF9-C38C-4CA3-8098-B985FCD803C8} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1B2A8F40-BA5B-4E97-AAAA-A58E07DF6C6F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {2CFC239E-BEA1-42D5-8BF7-AB22A27DDB1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-03] (Microsoft Corporation)
Task: {363B01B7-9D61-4BCC-8D31-8C9E9459C7C8} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-05] (McAfee, Inc.)
Task: {43123D0B-3D81-47D0-B3A3-167ADB71F6F0} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {4CD44EB3-7F9F-4274-A422-B33031FE2972} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {4FF70877-C232-4E44-8D53-6BF0EB6BEFB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-20] (Google Inc.)
Task: {50C899AF-24EA-49B6-ACB6-46E5CF255E3A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kylie McFarland\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {5200C11C-F391-4668-8C8A-A44E44B2D333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-20] (Google Inc.)
Task: {6EF41C9F-F0B2-47F8-9F7B-F7AAA47BD227} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
Task: {843D5838-C047-45E7-BFFF-3D9C593F63C8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {855E7E96-DF11-42F6-BCD0-1340539A9613} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {8C6B3D34-08FB-4643-86FC-488286BE750C} - System32\Tasks\IS AppCloud Software\App Place for Toshiba => C:\Program Files (x86)\Toshiba\AppPlace\toshibaappplace.exe [2016-06-08] (IS AppCloud Software)
Task: {8EE4A2D9-50CE-4030-A824-B713A3B1C603} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {94745968-A700-41A7-A061-C3BE394E461E} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {ADDC366D-2016-486F-9299-3E69E80EDF45} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-05] (McAfee, Inc.)
Task: {C29DFCD4-D868-4381-9F03-923E109DD366} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {C5A7A9D5-FA93-4E84-8A83-B5757C5DC90D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-03] (Microsoft Corporation)
Task: {C9F1D663-F7BD-431A-A771-60275393D234} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe 
Task: {CF190811-40A5-4F8E-A8CB-A4ED273382A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {D0F3198F-3A0C-4CC3-81C5-5EB3861D957D} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {D6B4EDF5-52F1-4D27-B7BF-24F48EC00ADF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {EFB631C6-83BD-4DEC-B969-5DC6B92CB386} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-F5CM8M5-Kylie McFarland => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {FD9F2C5B-B310-4D31-B90B-9050B2518B3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-03] (Microsoft Corporation)
Task: {FEB36D7A-1300-49CD-81D5-7CF7451ED836} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-03-27 14:53 - 2013-03-27 14:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2017-02-28 15:19 - 2017-02-28 15:19 - 00102064 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2017-02-28 15:20 - 2017-02-28 15:20 - 00141488 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll
2015-10-26 19:16 - 2015-10-26 19:16 - 00240432 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe
2016-08-25 21:37 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-03-25 06:11 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-14 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-22 19:33 - 2017-02-26 14:32 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-26 00:08 - 2016-09-26 00:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-15 13:06 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-15 13:05 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-15 13:05 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\System Setting\SmoothView.dll
2013-08-01 16:24 - 2013-08-01 16:24 - 00438112 _____ () C:\Program Files\TOSHIBA\System Setting\Hotkey\TcrdKBB.exe
2015-05-27 14:46 - 2015-05-27 14:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-02-06 17:30 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 17:30 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-22 20:23 - 2017-02-22 20:23 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 20:23 - 2017-02-22 20:23 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 20:23 - 2017-02-22 20:23 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 22:12 - 2017-02-06 22:13 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-08 17:58 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-08 17:58 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-08-15 17:12 - 2016-08-15 17:12 - 00012288 _____ () C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
2015-08-12 16:15 - 2015-08-12 16:15 - 07803392 _____ () c:\program files\avid\application manager\jre\bin\server\jvm.dll
2016-08-24 12:20 - 2017-02-21 21:16 - 51777648 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\libcef.dll
2016-11-03 08:08 - 2017-02-21 21:16 - 00110192 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-08-25 21:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-08-24 07:45 - 2016-08-24 07:45 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-08-24 12:20 - 2017-02-21 21:16 - 01803888 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\libglesv2.dll
2016-08-24 12:20 - 2017-02-21 21:16 - 00086128 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\libegl.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 07:24 - 2016-08-24 07:24 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-08-22 19:19 - 2017-03-02 16:27 - 00252608 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL
2017-03-09 16:33 - 2017-03-06 15:59 - 00807232 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-01-15 11:28 - 2017-02-08 21:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-15 11:28 - 2017-02-08 21:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-15 11:28 - 2017-02-08 21:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-15 11:28 - 2017-02-08 21:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-15 11:28 - 2017-02-08 21:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-09 16:33 - 2017-02-08 21:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-09 16:33 - 2017-02-08 21:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-09 16:33 - 2017-02-08 21:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-15 11:28 - 2017-02-08 21:22 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-09 16:33 - 2017-02-08 21:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-09 16:33 - 2017-02-08 21:22 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-15 11:28 - 2017-02-08 21:21 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-15 11:28 - 2017-02-08 21:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-27 19:56 - 2017-03-06 16:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 16:33 - 2017-02-08 21:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-09 16:33 - 2017-03-06 16:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-03-09 16:33 - 2016-12-02 16:44 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-03-09 16:33 - 2017-03-06 16:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-09 16:33 - 2017-02-08 21:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-09 16:33 - 2017-02-08 21:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-09 16:33 - 2017-03-06 16:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.14 - Copy.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.14.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.24 - Copy.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.24.png:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\sharepoint.com -> hxxps://stluciepublicschools-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kylie McFarland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6364823B-ED6F-48C4-A328-402CB4319088}] => (Allow) LPort=54925
FirewallRules: [{A61E6C9D-0A70-41DC-91D8-656C8B6692F0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{3C373903-F33F-4DFA-8F1C-3816DE55DFAC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FE57F1E4-C775-4E8C-902A-2AB3945593EE}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{48061787-4B09-4003-B785-57170B88BABF}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{7829E694-0C8D-455A-B45B-A6E4FF3B7F30}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{2E85C9D8-0042-4603-B2F0-B34CC825210E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{85460138-C931-4171-A331-257D93CD66BB}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{BB4F3BDC-A109-483E-9E6B-176E94DD1059}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{F404A27D-7C4B-4D73-BED9-1C3E8323F33C}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{25DE307E-A33D-4993-8AFD-8D3C2CC8816E}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{BF49B1FD-29A3-4435-9904-C68548F9887F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{C9BE4ABE-8486-4F97-A072-65302DD5E6FC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{0948B83B-9514-4C2B-912C-CDA339A222F6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{1BC55276-8EC0-41F3-B950-0F0587F094E7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{062B37BF-3CA4-49F0-A55B-0FB375873097}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{649BED38-371C-4B28-A9BF-EE0CFCA5DAD9}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{8B35E804-74E4-430A-AB25-98965567B4CE}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [TCP Query User{1E82B8E6-DEF8-4B92-9E66-6005CA7BCAB9}C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{913A1253-D2D1-4A06-BBBB-A39E68C0DBDB}C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E7D735F0-24DD-4FA2-9E8D-F58B17AE4BDD}] => (Block) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2D8380A3-08AA-48A8-9B66-64DFCF1830C9}] => (Block) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [{69104ED9-3A30-4C67-B7CE-E2DD71F39FD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F968E078-A183-4F3D-8EA0-6E48DDDB46F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EC1E46C0-028C-4554-AD84-E013F1EFE48A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{666450D2-F7E4-43B3-99D2-791C7BB95E93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AD90DCF7-40ED-475E-A3F4-A4AB93925AC6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0F25C50B-D148-4481-B3E6-A69E28BE08B5}] => (Allow) LPort=2869
FirewallRules: [{976BA78B-06C3-48E9-A0D6-C0DDAC83C8F9}] => (Allow) LPort=1900
FirewallRules: [{DE7960BB-CCF3-4DAF-8F3F-4D0365C9C0A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E26B391C-E3EB-4908-985A-B5B907319634}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38041E2E-0060-4A6F-9531-ACDB5902206B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{99A6F8BA-F9B8-48A1-82BB-64F594EA7470}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{897919C1-DBC4-44A0-821D-626B6B8340A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{94E63FF0-0A30-4772-9148-169CA6A36F42}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{87ED128A-53DE-4150-A9B3-68A994D265A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{F1309AC4-4812-46F1-8C63-44AF9FA7B015}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D393757F-124B-472C-B539-33251CECEB0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAFBE697-0CBE-4D6E-82E3-43BDDBB0C5D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A51FB09D-E7EF-431A-83BB-C62EFDC69537}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{18F4F234-9D90-4EFB-8E36-15D57F0EE186}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C69EC54F-0BD8-4ACD-807B-4013247FCB44}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6E6447CA-F559-4A87-9965-E4DE1C0C0ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1BA67908-BB59-4206-AB86-0E46B7B04D33}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2017 07:27:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250
 
Error: (03/09/2017 07:27:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250
 
Error: (03/09/2017 07:27:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/09/2017 06:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2250
 
Error: (03/09/2017 06:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2250
 
Error: (03/09/2017 06:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/09/2017 06:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094
 
Error: (03/09/2017 06:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094
 
Error: (03/09/2017 06:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/09/2017 04:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10063
 
 
System errors:
=============
Error: (03/09/2017 07:27:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 06:02:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 04:13:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 03:54:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (03/09/2017 11:26:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 10:55:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 08:36:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 08:03:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F5CM8M5)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
 
Error: (03/08/2017 08:03:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 03:04:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 12147.72 MB
Available physical RAM: 4185.09 MB
Total Virtual: 14003.72 MB
Available Virtual: 3594.98 MB
 
==================== Drives ================================
 
Drive c: (TIS0008500E) (Fixed) (Total:930.79 GB) (Free:242.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
RKinner
Posted 12 March 2017 - 01:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Do:
 
Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
Let's also run Rogue Killer
 
Click on the download button for
 
Portable 64 bits
 
Download and Save.
 
 
 
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)
 
click on the Start Scan button
 
click on the Start Scan button again
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply. 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP