Hello everyone,
My computer is extremely slow and the CMD keeps popping up. Please help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Kylie McFarland (administrator) on DESKTOP-F5CM8M5 (09-03-2017 20:43:35)
Running from C:\Users\Kylie McFarland\Desktop
Loaded Profiles: Kylie McFarland (Available Profiles: Kylie McFarland)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igfxEM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\System Setting\Hotkey\TCrdKBB.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe
(Flux Software LLC) C:\Users\Kylie McFarland\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
() C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [3018528 2015-06-01] (Portrait Displays, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Spotify Web Helper] => C:\Users\Kylie McFarland\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-21] (Spotify Ltd)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Spotify] => C:\Users\Kylie McFarland\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-21] (Spotify Ltd)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [f.lux] => C:\Users\Kylie McFarland\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2016-11-21]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{afc94792-10e7-43f6-a597-a0c8133408a7}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Internet Explorer:
==================
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H16C1
SearchScopes: HKU\S-1-5-21-1176222283-3520375575-650995412-1001 -> DefaultScope {FEE638D5-96D0-4558-97E5-76AE0770DFCB} URL =
SearchScopes: HKU\S-1-5-21-1176222283-3520375575-650995412-1001 -> {FEE638D5-96D0-4558-97E5-76AE0770DFCB} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-02] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-02] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-02-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-02-10] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-03-04] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-09-16] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxps://search-startpage.com/?s=toshibaupd&m=home&brw=ch
CHR StartupUrls: Default -> "hxxps://search-startpage.com/?s=toshibaupd&m=start&brw=ch"
CHR Profile: C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-20]
CHR Extension: (Google Docs) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20]
CHR Extension: (Google Drive) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20]
CHR Extension: (YouTube) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20]
CHR Extension: (Google Sheets) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Kylie McFarland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\IntelCpHeciSvc.exe [302584 2017-01-15] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\IntelCpHDCPSvc.exe [480248 2017-01-15] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-16] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igfxCUIService.exe [342008 2017-01-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-23] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [379896 2015-07-03] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2017-02-01] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [323320 2016-08-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-21] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [330032 2015-11-20] (TOSHIBA)
R2 TOSTABSYSSVC; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe [240432 2015-10-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_75bf0d025ab049e0\igdkmd64.sys [11058168 2017-01-15] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-09] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [7075568 2015-08-23] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-21] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 20:43 - 2017-03-09 20:46 - 00034181 _____ C:\Users\Kylie McFarland\Desktop\FRST.txt
2017-03-09 20:41 - 2017-03-09 20:43 - 00000000 ____D C:\FRST
2017-03-09 20:40 - 2017-03-09 20:41 - 02423808 _____ (Farbar) C:\Users\Kylie McFarland\Desktop\FRST64.exe
2017-03-09 20:35 - 2017-03-09 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-03-09 16:34 - 2017-03-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-08 19:07 - 2017-03-08 19:08 - 00013739 ____H C:\Users\Kylie McFarland\Desktop\~WRL1611.tmp
2017-03-08 17:59 - 2017-03-09 17:24 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 17:59 - 2017-03-08 17:59 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 17:59 - 2017-03-08 17:59 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-08 17:58 - 2017-03-08 17:58 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 17:58 - 2017-03-08 17:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 17:58 - 2017-03-08 17:58 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 17:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 17:56 - 2017-03-08 17:57 - 57131432 _____ (Malwarebytes ) C:\Users\Kylie McFarland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 14:02 - 2017-03-08 14:02 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-03-06 15:50 - 2017-03-06 15:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-06 12:30 - 2017-03-06 12:30 - 00143301 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021 - Definitions for Block 2.pdf
2017-03-01 21:24 - 2017-03-01 21:24 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-27 10:58 - 2017-03-09 19:09 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-26 19:27 - 2017-02-26 19:28 - 01683476 _____ C:\Users\Kylie McFarland\Downloads\Purdue OWL sample APA paper.pdf
2017-02-26 19:20 - 2017-02-26 19:20 - 02711952 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021 Chapter Five Power Point S17.pptx
2017-02-24 15:51 - 2016-07-20 10:12 - 00170992 _____ C:\Users\Kylie McFarland\Desktop\received_1143355222387914.jpeg
2017-02-24 15:51 - 2016-07-20 09:49 - 00593842 _____ C:\Users\Kylie McFarland\Desktop\received_1143355615721208.jpeg
2017-02-22 12:08 - 2017-02-22 12:08 - 00079120 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021 Chapter Five Handouts S16.pptx
2017-02-21 22:59 - 2017-02-26 19:43 - 00018291 ____H C:\Users\Kylie McFarland\Desktop\~WRL0005.tmp
2017-02-21 22:59 - 2017-02-21 23:01 - 00017392 ____H C:\Users\Kylie McFarland\Desktop\~WRL3781.tmp
2017-02-17 16:13 - 2017-02-17 16:13 - 00673496 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021Handouts for Chapter 4 S16.pptx
2017-02-15 12:23 - 2017-02-15 12:23 - 00673282 _____ C:\Users\Kylie McFarland\Downloads\ACG 2021Handouts for Chapter 4 S16-1.pptx
2017-02-14 16:38 - 2017-02-07 11:39 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-13 13:13 - 2017-02-13 13:13 - 00000000 ___RD C:\Users\Kylie McFarland\3D Objects
2017-02-13 13:12 - 2017-02-13 13:12 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Roaming\me.digi
2017-02-13 09:57 - 2017-02-13 11:23 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\Spring 17
2017-02-13 09:57 - 2017-02-13 09:58 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\New Folders
2017-02-13 09:43 - 2017-03-03 15:36 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\Marketing
2017-02-11 09:44 - 2017-02-11 09:44 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (5).pdf
2017-02-11 09:44 - 2017-02-11 09:44 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (4).pdf
2017-02-11 09:44 - 2017-02-11 09:44 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (3).pdf
2017-02-10 13:42 - 2017-02-10 13:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 13:42 - 2017-02-10 13:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-07 17:16 - 2017-02-07 17:16 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (2).pdf
2017-02-07 17:15 - 2017-02-07 17:15 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON (1).pdf
2017-02-07 17:14 - 2017-02-07 17:14 - 00088473 _____ C:\Users\Kylie McFarland\Downloads\Co-Signer Form ASHTON.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 20:28 - 2016-08-24 12:20 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\Spotify
2017-03-09 20:27 - 2016-09-25 20:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 17:18 - 2017-01-22 17:44 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B8E21B1B-BE73-4471-86AF-5DBEBF2069DD}
2017-03-09 16:36 - 2016-08-31 11:49 - 00000000 ___RD C:\Users\Kylie McFarland\Dropbox
2017-03-09 16:35 - 2016-03-25 05:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-09 16:31 - 2016-08-24 12:19 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Roaming\Spotify
2017-03-09 16:29 - 2016-10-07 15:26 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\Adobe
2017-03-09 15:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 10:49 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 11:55 - 2016-08-20 09:26 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\App Place for Toshiba
2017-03-08 11:45 - 2016-08-25 22:01 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Roaming\Skype
2017-03-08 11:44 - 2017-01-16 10:02 - 00000000 ___RD C:\Users\Kylie McFarland\iCloudDrive
2017-03-08 11:43 - 2016-12-25 16:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-08 11:41 - 2016-08-20 09:26 - 00000000 __SHD C:\Users\Kylie McFarland\IntelGraphicsProfiles
2017-03-08 11:40 - 2016-09-25 20:22 - 00000000 ____D C:\Users\Kylie McFarland
2017-03-08 11:39 - 2016-09-25 20:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-06 21:21 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-03 16:09 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-03 16:08 - 2016-03-25 06:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-03 15:37 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-01 21:24 - 2017-02-03 17:50 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2017-03-01 12:59 - 2016-09-25 20:41 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-03-01 12:59 - 2016-09-25 20:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-27 19:58 - 2016-12-14 18:33 - 00003310 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-27 19:58 - 2016-08-21 19:38 - 00002404 _____ C:\Users\Kylie McFarland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-27 19:58 - 2016-08-20 09:30 - 00000000 ___RD C:\Users\Kylie McFarland\OneDrive
2017-02-26 23:29 - 2016-08-20 09:26 - 00000000 ____D C:\Users\Kylie McFarland\AppData\Local\Packages
2017-02-26 19:27 - 2016-08-25 22:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-26 19:21 - 2016-08-25 22:03 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 16:24 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-13 09:58 - 2017-01-01 20:56 - 00000000 ____D C:\Users\Kylie McFarland\Desktop\PHOTO
==================== Files in the root of some directories =======
2016-11-21 14:39 - 2016-11-21 14:39 - 0000604 ____H () C:\Program Files (x86)\Br1S
2016-11-21 14:31 - 2016-11-21 14:31 - 1575370 _____ () C:\Users\Kylie McFarland\AppData\Roaming\AvidApplicationManager_Install.log
2017-02-13 13:12 - 2017-02-13 13:12 - 0000258 _____ () C:\Users\Kylie McFarland\AppData\Local\digi.me-Internal-Helper.log
2016-09-25 20:16 - 2016-09-25 20:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-01-07 22:58 - 2017-01-07 22:58 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext11142030291533485.dll
2016-11-22 13:05 - 2016-11-22 13:06 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext1220965999079692697.dll
2016-12-06 10:48 - 2016-12-06 10:48 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext125451587652733510.dll
2016-12-06 10:49 - 2016-12-06 10:49 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext1258841136708843965.dll
2016-12-05 23:43 - 2016-12-05 23:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext1584672743979665973.dll
2016-12-27 23:38 - 2016-12-27 23:38 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2077103210606500094.dll
2017-01-06 13:57 - 2017-01-06 13:57 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2152539649107661038.dll
2016-11-21 14:40 - 2016-11-21 14:40 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext240219430093385370.dll
2016-11-24 12:27 - 2016-11-24 12:27 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2413568598558344315.dll
2017-01-07 23:10 - 2017-01-07 23:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2450596995055893917.dll
2017-01-07 13:10 - 2017-01-07 13:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2790604166316202425.dll
2016-12-12 08:10 - 2016-12-12 08:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2818353074128452874.dll
2016-12-31 00:58 - 2016-12-31 00:58 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2904386541787684632.dll
2017-01-03 15:12 - 2017-01-03 15:12 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext2930280568925712597.dll
2016-12-23 22:11 - 2016-12-23 22:11 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext300215956878438413.dll
2016-11-30 08:25 - 2016-11-30 08:25 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3033098397045066273.dll
2016-12-19 12:01 - 2016-12-19 12:01 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3181854325650580446.dll
2016-12-06 16:36 - 2016-12-06 16:36 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3851655030422222077.dll
2016-12-23 14:09 - 2016-12-23 14:09 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext3929343465193323303.dll
2016-12-31 00:56 - 2016-12-31 00:56 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext4177695764379234643.dll
2016-12-08 15:49 - 2016-12-08 15:49 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext4191458941260304294.dll
2016-11-29 23:47 - 2016-11-29 23:47 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext4579305488145237072.dll
2016-11-30 18:31 - 2016-11-30 18:31 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext461866442848525165.dll
2016-12-25 00:51 - 2016-12-25 00:51 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5052818807617536038.dll
2016-12-02 13:23 - 2016-12-02 13:23 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext507536794823114444.dll
2016-11-24 12:30 - 2016-11-24 12:30 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5158695721042234349.dll
2016-11-22 13:49 - 2016-11-22 13:49 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5189128375610296495.dll
2016-12-02 13:34 - 2016-12-02 13:34 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5237708321298925734.dll
2016-11-29 12:06 - 2016-11-29 12:06 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5323490126234642197.dll
2016-12-15 17:23 - 2016-12-15 17:23 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5340099635981723250.dll
2016-12-13 14:10 - 2016-12-13 14:10 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5392083961885581945.dll
2016-12-01 17:07 - 2016-12-01 17:07 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5493771969510168850.dll
2016-12-12 17:50 - 2016-12-12 17:50 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext552553432897856769.dll
2016-11-22 22:27 - 2016-11-22 22:27 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext56176752763730187.dll
2016-11-22 12:03 - 2016-11-22 12:03 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5669151882075152064.dll
2017-01-10 09:53 - 2017-01-10 09:53 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext571606586876947616.dll
2016-12-19 17:18 - 2016-12-19 17:18 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5728638858994728780.dll
2016-12-17 01:00 - 2016-12-17 01:00 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5746727722213736666.dll
2016-12-25 08:48 - 2016-12-25 08:48 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5777867671070179955.dll
2016-12-11 00:43 - 2016-12-11 00:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext5794447246494544269.dll
2016-12-05 14:43 - 2016-12-05 14:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6088358457869937811.dll
2016-12-27 11:57 - 2016-12-27 11:57 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6112725453800717142.dll
2016-12-14 14:35 - 2016-12-14 14:35 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6177696777127060058.dll
2017-01-02 01:23 - 2017-01-02 01:23 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6249637177487091781.dll
2016-12-31 11:01 - 2016-12-31 11:01 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext630362675338826714.dll
2016-11-30 12:42 - 2016-11-30 12:42 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6475115811065085854.dll
2016-12-02 08:29 - 2016-12-02 08:29 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6717283325869078458.dll
2016-11-29 13:41 - 2016-11-29 13:41 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext6731291073618412288.dll
2016-12-28 23:58 - 2016-12-28 23:58 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext697139318977930927.dll
2016-11-23 10:41 - 2016-11-23 10:41 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7083731519726470188.dll
2016-12-09 04:27 - 2016-12-09 04:27 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7094681995895828039.dll
2016-11-26 01:16 - 2016-11-26 01:16 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7172788450789200068.dll
2016-12-07 17:05 - 2016-12-07 17:05 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7339412193734789061.dll
2016-12-18 10:47 - 2016-12-18 10:47 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7576203505414247519.dll
2016-11-28 17:28 - 2016-11-28 17:28 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext7578393393707143404.dll
2017-01-07 22:30 - 2017-01-07 22:30 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext786139258354987879.dll
2016-12-16 17:51 - 2016-12-16 17:51 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext8170777302129152379.dll
2017-01-10 09:36 - 2017-01-10 09:36 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext81966837122874324.dll
2017-01-04 15:38 - 2017-01-04 15:38 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext8364891532524950752.dll
2016-12-12 20:43 - 2016-12-12 20:43 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext839259246722324053.dll
2017-01-06 13:56 - 2017-01-06 13:56 - 0152576 _____ () C:\Users\Kylie McFarland\AppData\Local\Temp\ext919815768354557693.dll
2016-10-06 07:16 - 2016-10-06 07:16 - 58523704 _____ (SweetLabs,Inc.) C:\Users\Kylie McFarland\AppData\Local\Temp\octC58D.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-27 20:55
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Kylie McFarland (09-03-2017 20:51:53)
Running from C:\Users\Kylie McFarland\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 01:44:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1176222283-3520375575-650995412-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1176222283-3520375575-650995412-503 - Limited - Disabled)
Guest (S-1-5-21-1176222283-3520375575-650995412-501 - Limited - Disabled)
Kylie McFarland (S-1-5-21-1176222283-3520375575-650995412-1001 - Administrator - Enabled) => C:\Users\Kylie McFarland
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{5437E77B-E4B5-45E7-BD33-95C3F0AA6602}) (Version: 10.17.0228 - Amazon) <==== ATTENTION
App Place for Toshiba (HKLM-x32\...\App Place for Toshiba) (Version: 4.13.22 - IS AppCloud Software)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.8.13040 - Avid Technology, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth® Link (HKLM\...\{936D21BF-3344-4B20-BC4C-3B67580C19F5}) (Version: 4.3.04 - Toshiba Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.06.7 - Portrait Displays, Inc.)
Cities: Skylines (HKLM\...\Steam App 255710) (Version: - Colossal Order Ltd.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6312.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.6312.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4425.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4425.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
digi.me (HKLM-x32\...\digi.me) (Version: 7.0.9 - digi.me Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
f.lux (HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\Flux) (Version: - )
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 1.1.383 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{31C74FA2-2AB9-41C3-BFBE-693283E4C28B}) (Version: 17.1.1527.1534 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.12000 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7870.2013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Rory's Restaurant (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.4.2.231 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.8 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.2.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.4.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.17.000 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.02.0002.02 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.7.6401 - Toshiba Corporation)
TOSHIBA User Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.03 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.1.2 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11552 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1176222283-3520375575-650995412-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A43B719B35A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1176222283-3520375575-650995412-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0488F793-6CA9-4EA7-8C9D-0A58D0AF223B} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {0AC20E7F-86D3-4C90-AB66-C99A4C49884C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {13D00CF9-C38C-4CA3-8098-B985FCD803C8} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1B2A8F40-BA5B-4E97-AAAA-A58E07DF6C6F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {2CFC239E-BEA1-42D5-8BF7-AB22A27DDB1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-03] (Microsoft Corporation)
Task: {363B01B7-9D61-4BCC-8D31-8C9E9459C7C8} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-05] (McAfee, Inc.)
Task: {43123D0B-3D81-47D0-B3A3-167ADB71F6F0} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {4CD44EB3-7F9F-4274-A422-B33031FE2972} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {4FF70877-C232-4E44-8D53-6BF0EB6BEFB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-20] (Google Inc.)
Task: {50C899AF-24EA-49B6-ACB6-46E5CF255E3A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kylie McFarland\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {5200C11C-F391-4668-8C8A-A44E44B2D333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-20] (Google Inc.)
Task: {6EF41C9F-F0B2-47F8-9F7B-F7AAA47BD227} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
Task: {843D5838-C047-45E7-BFFF-3D9C593F63C8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {855E7E96-DF11-42F6-BCD0-1340539A9613} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {8C6B3D34-08FB-4643-86FC-488286BE750C} - System32\Tasks\IS AppCloud Software\App Place for Toshiba => C:\Program Files (x86)\Toshiba\AppPlace\toshibaappplace.exe [2016-06-08] (IS AppCloud Software)
Task: {8EE4A2D9-50CE-4030-A824-B713A3B1C603} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {94745968-A700-41A7-A061-C3BE394E461E} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {ADDC366D-2016-486F-9299-3E69E80EDF45} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-05] (McAfee, Inc.)
Task: {C29DFCD4-D868-4381-9F03-923E109DD366} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {C5A7A9D5-FA93-4E84-8A83-B5757C5DC90D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-03] (Microsoft Corporation)
Task: {C9F1D663-F7BD-431A-A771-60275393D234} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {CF190811-40A5-4F8E-A8CB-A4ED273382A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {D0F3198F-3A0C-4CC3-81C5-5EB3861D957D} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {D6B4EDF5-52F1-4D27-B7BF-24F48EC00ADF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {EFB631C6-83BD-4DEC-B969-5DC6B92CB386} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-F5CM8M5-Kylie McFarland => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {FD9F2C5B-B310-4D31-B90B-9050B2518B3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-03] (Microsoft Corporation)
Task: {FEB36D7A-1300-49CD-81D5-7CF7451ED836} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-03-27 14:53 - 2013-03-27 14:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2017-02-28 15:19 - 2017-02-28 15:19 - 00102064 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2017-02-28 15:20 - 2017-02-28 15:20 - 00141488 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll
2015-10-26 19:16 - 2015-10-26 19:16 - 00240432 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe
2016-08-25 21:37 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-03-25 06:11 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-14 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-22 19:33 - 2017-02-26 14:32 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-26 00:08 - 2016-09-26 00:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-15 13:06 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-15 13:05 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-15 13:05 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-15 13:05 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\System Setting\SmoothView.dll
2013-08-01 16:24 - 2013-08-01 16:24 - 00438112 _____ () C:\Program Files\TOSHIBA\System Setting\Hotkey\TcrdKBB.exe
2015-05-27 14:46 - 2015-05-27 14:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-02-06 17:30 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 17:30 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-22 20:23 - 2017-02-22 20:23 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 20:23 - 2017-02-22 20:23 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 20:23 - 2017-02-22 20:23 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 22:12 - 2017-02-06 22:13 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-08 17:58 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-08 17:58 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-08-15 17:12 - 2016-08-15 17:12 - 00012288 _____ () C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
2015-08-12 16:15 - 2015-08-12 16:15 - 07803392 _____ () c:\program files\avid\application manager\jre\bin\server\jvm.dll
2016-08-24 12:20 - 2017-02-21 21:16 - 51777648 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\libcef.dll
2016-11-03 08:08 - 2017-02-21 21:16 - 00110192 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-08-25 21:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-08-24 07:45 - 2016-08-24 07:45 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-08-24 12:20 - 2017-02-21 21:16 - 01803888 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\libglesv2.dll
2016-08-24 12:20 - 2017-02-21 21:16 - 00086128 _____ () C:\Users\Kylie McFarland\AppData\Roaming\Spotify\libegl.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 07:24 - 2016-08-24 07:24 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-08-22 19:19 - 2017-03-02 16:27 - 00252608 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL
2017-03-09 16:33 - 2017-03-06 15:59 - 00807232 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-01-15 11:28 - 2017-02-08 21:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-15 11:28 - 2017-02-08 21:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-15 11:28 - 2017-02-08 21:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-15 11:28 - 2017-02-08 21:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-15 11:28 - 2017-02-08 21:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-09 16:33 - 2017-02-08 21:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-09 16:33 - 2017-02-08 21:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-09 16:33 - 2017-02-08 21:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-15 11:28 - 2017-02-08 21:22 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-09 16:33 - 2017-02-08 21:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-09 16:33 - 2017-02-08 21:22 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-15 11:28 - 2017-02-08 21:21 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-15 11:28 - 2017-02-08 21:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-27 19:56 - 2017-03-06 16:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 00:05 - 2017-03-06 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 16:33 - 2017-02-08 21:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-09 16:33 - 2017-03-06 16:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-03-09 16:33 - 2016-12-02 16:44 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-03-09 16:33 - 2017-03-06 16:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-09 16:33 - 2017-02-08 21:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-09 16:33 - 2017-02-08 21:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-09 16:33 - 2017-03-06 16:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-15 11:28 - 2017-02-08 21:22 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-15 11:28 - 2017-03-06 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 16:33 - 2017-03-06 16:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.14 - Copy.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.14.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.24 - Copy.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kylie McFarland\Desktop\Screenshot 2017-02-27 15.51.24.png:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1176222283-3520375575-650995412-1001\...\sharepoint.com -> hxxps://stluciepublicschools-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1176222283-3520375575-650995412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kylie McFarland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6364823B-ED6F-48C4-A328-402CB4319088}] => (Allow) LPort=54925
FirewallRules: [{A61E6C9D-0A70-41DC-91D8-656C8B6692F0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{3C373903-F33F-4DFA-8F1C-3816DE55DFAC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FE57F1E4-C775-4E8C-902A-2AB3945593EE}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{48061787-4B09-4003-B785-57170B88BABF}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{7829E694-0C8D-455A-B45B-A6E4FF3B7F30}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{2E85C9D8-0042-4603-B2F0-B34CC825210E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{85460138-C931-4171-A331-257D93CD66BB}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{BB4F3BDC-A109-483E-9E6B-176E94DD1059}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{F404A27D-7C4B-4D73-BED9-1C3E8323F33C}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{25DE307E-A33D-4993-8AFD-8D3C2CC8816E}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{BF49B1FD-29A3-4435-9904-C68548F9887F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{C9BE4ABE-8486-4F97-A072-65302DD5E6FC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{0948B83B-9514-4C2B-912C-CDA339A222F6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{1BC55276-8EC0-41F3-B950-0F0587F094E7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{062B37BF-3CA4-49F0-A55B-0FB375873097}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{649BED38-371C-4B28-A9BF-EE0CFCA5DAD9}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{8B35E804-74E4-430A-AB25-98965567B4CE}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [TCP Query User{1E82B8E6-DEF8-4B92-9E66-6005CA7BCAB9}C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{913A1253-D2D1-4A06-BBBB-A39E68C0DBDB}C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E7D735F0-24DD-4FA2-9E8D-F58B17AE4BDD}] => (Block) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2D8380A3-08AA-48A8-9B66-64DFCF1830C9}] => (Block) C:\users\kylie mcfarland\appdata\roaming\spotify\spotify.exe
FirewallRules: [{69104ED9-3A30-4C67-B7CE-E2DD71F39FD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F968E078-A183-4F3D-8EA0-6E48DDDB46F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EC1E46C0-028C-4554-AD84-E013F1EFE48A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{666450D2-F7E4-43B3-99D2-791C7BB95E93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AD90DCF7-40ED-475E-A3F4-A4AB93925AC6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0F25C50B-D148-4481-B3E6-A69E28BE08B5}] => (Allow) LPort=2869
FirewallRules: [{976BA78B-06C3-48E9-A0D6-C0DDAC83C8F9}] => (Allow) LPort=1900
FirewallRules: [{DE7960BB-CCF3-4DAF-8F3F-4D0365C9C0A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E26B391C-E3EB-4908-985A-B5B907319634}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38041E2E-0060-4A6F-9531-ACDB5902206B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{99A6F8BA-F9B8-48A1-82BB-64F594EA7470}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{897919C1-DBC4-44A0-821D-626B6B8340A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{94E63FF0-0A30-4772-9148-169CA6A36F42}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{87ED128A-53DE-4150-A9B3-68A994D265A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{F1309AC4-4812-46F1-8C63-44AF9FA7B015}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D393757F-124B-472C-B539-33251CECEB0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAFBE697-0CBE-4D6E-82E3-43BDDBB0C5D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A51FB09D-E7EF-431A-83BB-C62EFDC69537}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{18F4F234-9D90-4EFB-8E36-15D57F0EE186}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C69EC54F-0BD8-4ACD-807B-4013247FCB44}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6E6447CA-F559-4A87-9965-E4DE1C0C0ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1BA67908-BB59-4206-AB86-0E46B7B04D33}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/09/2017 07:27:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250
Error: (03/09/2017 07:27:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250
Error: (03/09/2017 07:27:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2017 06:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2250
Error: (03/09/2017 06:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2250
Error: (03/09/2017 06:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2017 06:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094
Error: (03/09/2017 06:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094
Error: (03/09/2017 06:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2017 04:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10063
System errors:
=============
Error: (03/09/2017 07:27:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2017 06:02:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2017 04:13:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2017 03:54:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (03/09/2017 11:26:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2017 10:55:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/08/2017 08:36:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/08/2017 08:03:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F5CM8M5)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
Error: (03/08/2017 08:03:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/08/2017 03:04:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel® Core i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 12147.72 MB
Available physical RAM: 4185.09 MB
Total Virtual: 14003.72 MB
Available Virtual: 3594.98 MB
==================== Drives ================================
Drive c: (TIS0008500E) (Fixed) (Total:930.79 GB) (Free:242.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================