InfoStealer & PUA Programs


  • This topic is locked
9 replies to this topic

#1 TreB5870

TreB5870

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 22 July 2015 - 10:24 PM

Hello and thank you in advance to those willing to help me with my issue, I own an Asus X75A 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz 2.60GHz
System type: 64-bit Operating System, x64-based processor
Windows 8.1
8.00 GB RAM

And have security issues with the programs: PUA.SearchProtect, PUA.Downloader Trojan.Zbot and a couponsupport.exe, Oh! and a Keygen :(

And Norton only has them as quarantined, or even excluded, it won't allow me to remove them and if I do (which I have with a few) I end up just seeing them again 

What should I do?

 

Attached File  DEsktop.jpg   82.52KB   0 downloads




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:22 AM

Posted 24 July 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

Edited by nasdaq, 24 July 2015 - 10:04 AM.


#3 TreB5870

TreB5870
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 24 July 2015 - 01:22 PM


 

 
Below is the MBAM Log
 
I will post the other logs once everything is completed
 
 
 
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/07/24 12:54:15 -0400</date>
<logfile>mbam-log-2015-07-24 (12-54-14).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.07.24.06</malware-database>
<rootkit-database>v2015.07.22.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Tremain</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>403803</objects>
<time>4056</time>
<processes>0</processes>
<modules>0</modules>
<keys>19</keys>
<values>7</values>
<datas>1</datas>
<folders>9</folders>
<files>24</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{d640ce67-58e4-43c2-9adc-6bb959d7c606}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{78f6156c-0e9d-4756-8ab7-4b7c3dc05e75}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{6575033D-9E87-4BD2-B7E9-75487367CBC4}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6575033D-9E87-4BD2-B7E9-75487367CBC4}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6575033D-9E87-4BD2-B7E9-75487367CBC4}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{78f6156c-0e9d-4756-8ab7-4b7c3dc05e75}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{78f6156c-0e9d-4756-8ab7-4b7c3dc05e75}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D640CE67-58E4-43C2-9ADC-6BB959D7C606}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D640CE67-58E4-43C2-9ADC-6BB959D7C606}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D640CE67-58E4-43C2-9ADC-6BB959D7C606}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D640CE67-58E4-43C2-9ADC-6BB959D7C606}</path><vendor>PUP.Optional.DragonBranch.A</vendor><action>success</action><hash>8016c2235a30a3932cf8a4e2966ce11f</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR</path><vendor>PUP.Optional.Trovi.A</vendor><action>success</action><hash>2175bc294c3ec0761abc1e7a1be959a7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\istart123Software</path><vendor>PUP.Optional.IStart123.ShrtCln</vendor><action>success</action><hash>7b1b25c01d6da690eefa230d38cbf20e</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager</path><vendor>PUP.Optional.weDownload.A</vendor><action>success</action><hash>6036cc19414951e526b52425c93a9f61</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1F420319-CFAC-4443-A25A-20E3E1D9E2F4}</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>078f677e1872d85e415aaee7867ecd33</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{687BAD38-676D-4E8C-A22E-B8E81FF522DE}</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>25713aabf1990e28cfcb2c69848044bc</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E141B0C-3949-453B-954C-97DBC8AA13A3}</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dcbace17b9d16acc7e1d6a2ba06413ed</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB34C847-4746-4694-9634-6E2E8510423B}</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>eaacb1344545e1550c8eefa611f316ea</hash></key>
<key><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B86DCF8-F9A8-4F42-A79A-D5907EA8490D}</path><vendor>PUP.Optional.Spigot.A</vendor><action>success</action><hash>8a0c18cd2466a294def19975778c3cc4</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi.A</vendor><action>success</action><valuedata>130538905434000711</valuedata><hash>2e68c52005853df9b61fa1f7f70dd030</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi.A</vendor><action>success</action><valuedata>130538905434000711</valuedata><hash>2175bc294c3ec0761abc1e7a1be959a7</hash></value>
<value><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1F420319-CFAC-4443-A25A-20E3E1D9E2F4}</path><valuename>AppName</valuename><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><valuedata>a4217ec8-d449-479b-989e-daa799215133-2.exe-codedownloader.exe</valuedata><hash>078f677e1872d85e415aaee7867ecd33</hash></value>
<value><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{687BAD38-676D-4E8C-A22E-B8E81FF522DE}</path><valuename>AppName</valuename><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><valuedata>a4217ec8-d449-479b-989e-daa799215133-2.exe-buttonutil.exe</valuedata><hash>25713aabf1990e28cfcb2c69848044bc</hash></value>
<value><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E141B0C-3949-453B-954C-97DBC8AA13A3}</path><valuename>AppName</valuename><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><valuedata>a4217ec8-d449-479b-989e-daa799215133-2.exe-codedownloader.exe</valuedata><hash>dcbace17b9d16acc7e1d6a2ba06413ed</hash></value>
<value><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB34C847-4746-4694-9634-6E2E8510423B}</path><valuename>AppName</valuename><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><valuedata>a4217ec8-d449-479b-989e-daa799215133-2.exe-buttonutil.exe</valuedata><hash>eaacb1344545e1550c8eefa611f316ea</hash></value>
<value><path>HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B86DCF8-F9A8-4F42-A79A-D5907EA8490D}</path><valuename>URL</valuename><vendor>PUP.Optional.Spigot.A</vendor><action>success</action><valuedata>http://search.yahoo.com/search?fr=chr-greentree_ie&amp;ei=utf-8&amp;ilc=12&amp;type=714647&amp;p={searchTerms}</valuedata><hash>8a0c18cd2466a294def19975778c3cc4</hash></value>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3A159D03-2F9E-4220-907D-883FF6B3E8CE}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>208.69.150.252,208.69.150.250</valuedata><baddata>208.69.150.252,208.69.150.250</baddata><gooddata></gooddata><hash>3a5c479e3e4cd95d0829b38a0401e11f</hash></data>
<folder><path>C:\Users\Tremain\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>acea6d78008a181e4b524e895fa34fb1</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\OpenCandy\43F351DFCA4A4EC8B759330B4DD9811C</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>acea6d78008a181e4b524e895fa34fb1</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\OpenCandy\BBF81496F20B4D0D865BAE90C40869EC</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>acea6d78008a181e4b524e895fa34fb1</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\mz</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></folder>
<folder><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\skin</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></folder>
<folder><path>C:\Program Files (x86)\LookSafe Utility</path><vendor>PUP.Optional.LookSafeUtility.F</vendor><action>success</action><hash>b0e66a7bf59547ef2f74e424fd063fc1</hash></folder>
<file><path>C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf</path><vendor>PUP.Optional.WebInstr.A</vendor><action>delete-on-reboot</action><hash></hash></file>
<file><path>C:\Windows\System32\Tasks\GPUP</path><vendor>PUP.Optional.GetPrivateVPN</vendor><action>success</action><hash>aaec35b0c0ca73c34d70bf6a3ac9c13f</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\OpenCandy\BBF81496F20B4D0D865BAE90C40869EC\pcmechanicpmUS_p1v2.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>acea6d78008a181e4b524e895fa34fb1</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome.manifest</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\install.rdf</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\background.html</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\button.xml</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\config.js</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\content.js</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\framework.js</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\framework.png</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\framework.xul</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\i128.png</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\i16.png</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\i32.png</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\i48.png</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\jquery-1.9.1.min.js</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\options.xul</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\seesimilar.rdf</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\settings.json</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\mz\background.js</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\content\mz\content.js</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Users\Tremain\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com\chrome\skin\framework.css</path><vendor>PUP.Optional.SeeSimilar</vendor><action>success</action><hash>55416b7aeb9fd75f49db12dacb3718e8</hash></file>
<file><path>C:\Program Files (x86)\LookSafe Utility\uninstall.exe</path><vendor>PUP.Optional.LookSafeUtility.F</vendor><action>success</action><hash>b0e66a7bf59547ef2f74e424fd063fc1</hash></file>
</items>
</mbam-log>


#4 TreB5870

TreB5870
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 24 July 2015 - 05:09 PM

# AdwCleaner v4.208 - Logfile created 24/07/2015 at 18:06:04
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Tremain - TRELAPTOP
# Running from : C:\Users\Tremain\Downloads\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\d775806c017ee32e
 
***** [ Scheduled tasks ] *****
 
Task Deleted : GPUP
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\foxydeal
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\LookSafe
Key Deleted : HKLM\SOFTWARE\couponsupport
Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.89
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R1].txt - [1797 bytes] - [24/07/2015 14:24:39]
AdwCleaner[S1].txt - [1476 bytes] - [24/07/2015 18:06:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1535  bytes] ##########


#5 TreB5870

TreB5870
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 24 July 2015 - 06:23 PM

Here is the Addition.txt 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Tremain at 2015-07-24 18:12:42
Running from C:\Users\Tremain\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
9A2235D3F9C9403EA7FB (S-1-5-21-157683001-3954353896-3537870803-1003 - Limited - Enabled)
Administrator (S-1-5-21-157683001-3954353896-3537870803-500 - Administrator - Disabled)
E37AD8FB33BE4AF9A7D7 (S-1-5-21-157683001-3954353896-3537870803-1006 - Limited - Enabled)
E8C119F66F9D4E2D8FB2 (S-1-5-21-157683001-3954353896-3537870803-1008 - Limited - Enabled)
Guest (S-1-5-21-157683001-3954353896-3537870803-501 - Limited - Disabled)
Tremain (S-1-5-21-157683001-3954353896-3537870803-1001 - Administrator - Enabled) => C:\Users\Tremain
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Antares Autotune VST RTAS TDM v5.08 (HKLM-x32\...\Antares Autotune VST RTAS TDM_is1) (Version:  - Team AiR 2007)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
AudioBox version 1.3 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.3 - PreSonus)
Avid Mbox Driver 1.1.9 (x64) (HKLM\...\{1F0E3221-8B58-4CD8-ABD9-D2730671E2E9}) (Version: 1.1.9 - Avid)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GEAR driver installer for x64 WinXP (HKLM\...\{89264031-7A83-4DB5-AECB-22BC115BB886}) (Version: 5.005.3 - GEAR Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.1.1.1524 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.1.1.1524 - PACE Anti-Piracy, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Master Your CDC 5.0 (HKLM-x32\...\com.mcmguides.CDC) (Version: 5.0.36 - McMillan Study Guides, Inc.)
Master Your CDC 5.0 (x32 Version: 5.0.36 - McMillan Study Guides, Inc.) Hidden
MeldaProduction MFreeEffectsBundle64 8 (HKLM-x32\...\MeldaProduction MFreeEffectsBundle64 8) (Version:  - MeldaProduction)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mixxx 1.11.0 (HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.2.15 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TweetDeck (HKLM-x32\...\{85D70219-700E-4728-A80D-C394DEF6247E}) (Version: 3.0.2 - Twitter, Inc.)
Unity Web Player (HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualDJ 8 (HKLM-x32\...\{F33070AA-1979-4192-9B75-C018C2F423FF}) (Version: 8.0.2162.0 - Atomix Productions)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-157683001-3954353896-3537870803-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-157683001-3954353896-3537870803-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-157683001-3954353896-3537870803-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-157683001-3954353896-3537870803-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tremain\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-157683001-3954353896-3537870803-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
20-07-2015 21:18:10 Installed iTunes
21-07-2015 21:36:35 Removed Adobe Flash Media Live Encoder 3.1.
23-07-2015 07:59:00 Removed Avid Effects.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 11:48 - 2015-07-21 15:31 - 00000000 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DD28FC-2616-4D75-86EE-7EF08E0504D7} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TURNUP-Tremain TurnUp => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {0A20DDDB-9587-4AAD-96B4-69344DF46B65} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {118B7E21-780D-4B69-BBB7-37AD2B9EBE66} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {1D58620A-94D4-4199-B93B-0BBBCFFB1CEF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-157683001-3954353896-3537870803-1001
Task: {2118CB98-A847-453E-8355-ACAE10C5B2FF} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {28908BC2-4671-41EE-B210-A7B8E1254948} - System32\Tasks\{C4A07759-D7F7-4E61-8C2E-B697CDE5273D} => pcalua.exe -a C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -c -uninstall
Task: {3179DD00-84C2-4615-A19F-EDADDE109071} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {39849D1E-AEE0-499B-AA8F-5C18B5679E5C} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {3B4B0ACE-FAEF-4BCA-8CDF-12AF981F9710} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5C23F802-7C97-4CDB-8690-9E284021A91C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {6AFDDBC7-97CC-47C0-AECA-286F12ADBC95} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {73339F80-59B5-45F4-A2B8-7C982C8930D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7431D500-F501-4CA4-A27B-3DA676C94DE6} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {96F8D6E6-DFEA-4308-8494-205EFF99834A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {99CD7E12-9AE1-4E47-AC05-7A586DA34286} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {9B96C891-298C-4E11-B626-AB32C57CA69F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {A23EB16D-698F-4949-92C9-497E04178E48} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-157683001-3954353896-3537870803-1001UA => C:\Users\Tremain\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BBBAF162-E082-4FA6-9242-14E1295BAAC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-157683001-3954353896-3537870803-1001Core => C:\Users\Tremain\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C7984AC5-3858-4CDC-922E-4A92F79623C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-20] (Google Inc.)
Task: {CBEB5EA8-BD45-47AE-8E0C-8BA21CB4FEE3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-157683001-3954353896-3537870803-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {CF180105-A708-40C3-8717-6D7B37BDFBE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-20] (Google Inc.)
Task: {E0AEBD50-99D4-4B85-AFBB-0B72AFFD6243} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {EED2C7F5-5521-43F9-9EDB-820999927972} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TRELAPTOP-Tremain TreLaptop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {FEE16009-2E37-4410-B75C-B0872E96949D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-157683001-3954353896-3537870803-1001Core.job => C:\Users\Tremain\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-157683001-3954353896-3537870803-1001UA.job => C:\Users\Tremain\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-24 21:26 - 2012-08-24 21:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-08-14 18:13 - 2012-08-14 18:13 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-01-15 04:41 - 2012-08-15 13:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-21 02:30 - 2014-07-16 17:54 - 07593984 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2013-01-26 21:32 - 2012-08-16 06:04 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-01-26 21:32 - 2012-08-16 06:04 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-02-12 22:37 - 2013-02-12 22:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-08-14 18:11 - 2012-08-14 18:11 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-08-14 14:24 - 2012-08-14 14:24 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 21:28 - 2012-05-02 21:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2012-08-14 18:13 - 2012-08-14 18:13 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-08-14 18:13 - 2012-08-14 18:13 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-08-14 18:11 - 2012-08-14 18:11 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-01-21 02:30 - 2014-04-16 12:22 - 00192512 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2012-08-14 18:16 - 2012-08-14 18:16 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-08-15 21:20 - 2012-08-15 21:20 - 00356352 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2013-02-12 22:38 - 2013-02-12 22:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-07-21 22:29 - 2015-07-14 01:55 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libglesv2.dll
2015-07-21 22:29 - 2015-07-14 01:55 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libegl.dll
2013-01-26 21:30 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
AlternateDataStreams: C:\ProgramData\Microsoft:2Ifhy6gSKhKA0jnERY
AlternateDataStreams: C:\ProgramData\Microsoft:ab8IBxCUqtLlNrgkGOG
AlternateDataStreams: C:\ProgramData\Microsoft:evBIV9R2qwTLvvkn07Yj
AlternateDataStreams: C:\ProgramData\Microsoft:TcKvlPaOk8NBAXOa0XB
AlternateDataStreams: C:\Users\Tremain\Local Settings:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tremain\AppData\Local:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Application Data:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temp:D2Zp538O2NQkc7xaVuiZ4
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temporary Internet Files:zVFQQ557VjMcYWnOu662dTET8O0Zbz
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\evolvondemand.net -> hxxps://sutherland.evolvondemand.net
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tremain\Downloads\black_cubes_3-wallpaper-1600x900.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D03D3475-9433-440D-9497-AFA7EABA8C98}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{42557EAC-BF33-4F9B-910F-C5C0D1DB571E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{19B3CFAD-D931-45BE-9461-D8B0CE4AF413}] => (Allow) C:\Users\Tremain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CD65FE1C-23A1-465C-90E1-1B06D9505F16}] => (Allow) C:\Users\Tremain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67297032-0674-4D58-9FC5-CBB02EDDFDDD}] => (Allow) C:\Users\Tremain\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FFB8EDF1-0B4F-4964-85D1-34DE4580D058}] => (Allow) C:\Users\Tremain\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{CDBC5A0D-82A6-4B25-9E6E-01A711A3ACB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E4515D5-FE22-4259-92F2-DA26D587C919}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67A208EA-72EF-4B00-A7AB-ACFEBFC6C81C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31BE06D4-C2C8-4CF0-A254-364F2D7221AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9723791-4CF8-4A65-965E-54BBF5DDA55A}] => (Allow) LPort=37675
FirewallRules: [{01E672F5-51B1-479D-9F99-D1F7A8779748}] => (Allow) LPort=37674
FirewallRules: [{9D4CEDED-8574-4D25-A777-A81063A2956D}] => (Allow) LPort=37674
FirewallRules: [{F68A5748-FE6D-49F9-BAFE-C64B8382BC38}] => (Allow) LPort=443
FirewallRules: [{9DC66E2D-C4FA-44E0-A9D0-2CCA5CD81A05}] => (Allow) LPort=443
FirewallRules: [{45AF7EE3-05DD-4ECC-AF9A-4E8DE6ED17EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{EE994F90-7828-4A9A-A0C4-508C433A4AA6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F351BBE4-0599-4806-84DA-1B795F37411D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{A5509C20-67F4-4587-9DB1-8051EB019FC6}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{AFD6EB0A-1F28-4A48-855A-7CEDB418FAD7}C:\users\tremain\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tremain\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FC124E9D-A94B-4D53-AB0E-127FC7034E54}C:\users\tremain\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tremain\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5F207E02-F1BD-4F29-822C-5EFB8DFCB93A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5F7CE877-5CA7-4AD4-A10E-4C73734FA606}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CA4834AC-73A9-49A4-961A-5E6BB6F3A7EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7FB9ADCD-BEC8-417F-A491-EE0DA5E2C77B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{83502A71-9DDA-4308-A4D8-53E8A22EA0B3}C:\users\tremain\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tremain\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E2F091CD-5F9E-4257-9E6B-7CC9B399D5EB}C:\users\tremain\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tremain\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6CE6FA6B-2FAA-4D20-ABB6-18CE494CE955}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{278C7E85-32B9-4BC4-B39D-F28FCEB8B63B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FED109D6-F6A8-40F5-9EF5-9E7F6E274167}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{69B9F5A8-9A22-41A1-9947-F94B6B118396}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{25A39C00-5380-44AD-89D0-A8BA9A88C96D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{89F9FF27-3E2F-4BFF-AA88-B8F7172719FA}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{899A81B2-CEFD-48A5-A428-9F802BFC8BB9}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{683DF603-D828-48F7-876C-FB2AF9A02EFF}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [TCP Query User{5DBDBEBC-8678-4FC4-9E21-92405F76E328}C:\users\tremain\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tremain\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2F1E0D7A-E7A0-426F-893D-8B930D5462A0}C:\users\tremain\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tremain\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FA2AFC5B-5FCF-42CF-91E3-85EBD2370A4F}] => (Allow) C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{7E48C377-ACC3-40DD-8C3B-5BD2FC9B442E}] => (Allow) C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [TCP Query User{E46AAE62-4895-4775-977A-C466E6FA99FC}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{C77FA9BB-8D2E-4E2A-8E29-EAC0CD749DFE}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{C48A80A5-C7B0-4234-BA96-44448BF52D96}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{097A1415-8A1F-4C8D-B405-6F575093A1F0}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{4538A1CD-77B4-4CA2-8AAD-D973A738B58B}C:\program files (x86)\virtualdj\virtualdj8.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj8.exe
FirewallRules: [UDP Query User{9D380995-D037-4499-918A-95AEBB3367CC}C:\program files (x86)\virtualdj\virtualdj8.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj8.exe
FirewallRules: [{E7B24E48-540F-46E5-B506-612EC9988545}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FC7E4B03-7394-4FC1-AF9E-D739C0458AAD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D36EDB71-BB09-4314-BA50-C42E0E58B44A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{20A2F9CD-09DA-4855-AD58-4648970CAFE8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7E97DAA0-C88B-47DF-82B7-8EDFA56A547E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{8631CF86-1C93-443D-86E8-73C171F430ED}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{319CD336-61F1-4BC0-9D05-6F6BE559C69D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0A58A751-442F-4D47-804B-4CE6024A19B2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{89D458B1-62A9-4635-A401-68404C9F4255}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{8EEEF169-7242-4C12-B99C-47DD807ED400}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{1B6B14A4-393E-41A4-802C-9A29EC4E4DB4}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{A2D0424D-85C3-44F0-9E69-A388D4CB3EC4}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{C3FA72A8-B181-4B0E-9E45-06E689C6892F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F2AAD238-197B-43C8-BC9B-4EF7C171F7BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2015 06:13:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a8c
 
Start Time: 01d0c65d2d72c172
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 25794f7d-3251-11e5-bee4-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 06:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1620
 
Start Time: 01d0c65c1de40831
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 11604ad7-3250-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 05:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17c8
 
Start Time: 01d0c657ecff6f30
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e07dfcac-324b-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 05:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1740
 
Start Time: 01d0c653bc18dd36
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b010eb3e-3247-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 04:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1724
 
Start Time: 01d0c64f8b333e1c
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 7eb3f1ea-3243-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 04:05:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 668
 
Start Time: 01d0c64b5a4e17d9
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 4dca8b70-323f-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 03:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c38
 
Start Time: 01d0c647296a2430
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 1ceaf91a-323b-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 03:05:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1704
 
Start Time: 01d0c642f8843ad3
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ec02ddf5-3236-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 02:33:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1410
 
Start Time: 01d0c63e915d7549
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 84dd0094-3232-11e5-bee3-60a44c7433a9
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 02:30:25 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/24/2015 06:07:58 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:07:58 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:07:58 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:07:57 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:07:56 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:07:56 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:07:56 PM) (Source: DCOM) (EventID: 10016) (User: TRELAPTOP)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TRELAPTOPTremainS-1-5-21-157683001-3954353896-3537870803-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/24/2015 06:06:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%3
 
Error: (07/24/2015 06:06:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (07/24/2015 06:06:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (07/24/2015 06:13:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413a8c01d0c65d2d72c1724294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe25794f7d-3251-11e5-bee4-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 06:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413162001d0c65c1de408314294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe11604ad7-3250-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 05:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2041317c801d0c657ecff6f304294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exee07dfcac-324b-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 05:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413174001d0c653bc18dd364294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exeb010eb3e-3247-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 04:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413172401d0c64f8b333e1c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe7eb3f1ea-3243-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 04:05:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2041366801d0c64b5a4e17d94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe4dca8b70-323f-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 03:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413c3801d0c647296a24304294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe1ceaf91a-323b-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 03:05:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413170401d0c642f8843ad34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exeec02ddf5-3236-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 02:33:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20413141001d0c63e915d75494294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe84dd0094-3232-11e5-bee3-60a44c7433a9microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/24/2015 02:30:25 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files (x86)\Waves\Applications\wlc.exeC:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST8
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-20 19:19:15.683
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 19:19:15.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 19:19:15.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 18:43:32.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 18:43:32.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 18:35:34.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 18:35:34.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 18:18:36.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 13:47:10.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-20 13:47:10.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 19%
Total physical RAM: 8077.67 MB
Available physical RAM: 6523.52 MB
Total Virtual: 9357.67 MB
Available Virtual: 7686.95 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:81.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:397.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04A53D1B)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#6 TreB5870

TreB5870
  • Topic Starter

  • Members
  • 7 posts

Posted 24 July 2015 - 06:25 PM

And here is the FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Tremain (administrator) on TRELAPTOP on 24-07-2015 18:11:16
Running from C:\Users\Tremain\Downloads
Loaded Profiles: Tremain (Available Profiles: Tremain)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-15] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] ()
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.2.15
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.2.15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.2.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.2.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.5.2.15
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-157683001-3954353896-3537870803-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{55C26C84-45F6-4A22-B0AE-05ECCD7B9579}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-28] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tremain\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @talk.google.com/O1DPlugin -> C:\Users\Tremain\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tremain\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: electronicarts.com/GameFacePlugin -> C:\Users\Tremain\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Tremain\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tremain\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFPlgn [2015-07-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-20]
CHR Extension: (Google Docs) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-20]
CHR Extension: (Google Drive) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]
CHR Extension: (YouTube) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-20]
CHR Extension: (Norton Security Toolbar) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-20]
CHR Extension: (Google Search) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-20]
CHR Extension: (Google Sheets) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]
CHR Extension: (Google Wallet) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-20]
CHR Extension: (Gmail) - C:\Users\Tremain\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-20]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation)
R2 StrongVPN Service; C:\Program Files (x86)\StrongVPN\StrongService.exe [75624 2013-08-16] (Black Oak Computers, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools\digisptiservice64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No ImagePath
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150723.001\IDSvia64.sys [692984 2015-07-10] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 MBOX; C:\Windows\system32\DRIVERS\AvidMbox.sys [464616 2014-08-18] (Avid)
S3 MBOXDFU; C:\Windows\System32\drivers\AvidMbox_DFU.sys [31464 2014-08-18] (Avid)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150724.003\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150724.003\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [260096 2014-04-16] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-15] (Ralink Technology, Corp.)
R1 SRTSP; C:\Windows\system32\drivers\NSx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 18:11 - 2015-07-24 18:11 - 00029573 _____ C:\Users\Tremain\Downloads\FRST.txt
2015-07-24 18:11 - 2015-07-24 18:11 - 00000000 ____D C:\FRST
2015-07-24 18:10 - 2015-07-24 18:10 - 02135552 _____ (Farbar) C:\Users\Tremain\Downloads\FRST64.exe
2015-07-24 14:23 - 2015-07-24 18:06 - 00000000 ____D C:\AdwCleaner
2015-07-24 14:23 - 2015-07-24 14:23 - 02248704 _____ C:\Users\Tremain\Downloads\adwcleaner_4.208.exe
2015-07-24 14:14 - 2015-07-24 18:07 - 00011092 _____ C:\WINDOWS\PFRO.log
2015-07-24 14:13 - 2015-07-24 14:13 - 00032900 _____ C:\Users\Tremain\Desktop\mbam-log-2015-07-24 (12-54-14).xml
2015-07-24 12:49 - 2015-07-24 12:54 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-24 12:47 - 2015-07-24 12:47 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-24 12:47 - 2015-07-24 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-24 12:47 - 2015-07-24 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-24 12:47 - 2015-07-24 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-24 12:47 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-24 12:47 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-24 12:47 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-24 12:46 - 2015-07-24 12:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tremain\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-23 23:46 - 2015-07-23 23:46 - 00001284 _____ C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2015-07-23 23:46 - 2015-07-23 23:46 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\Xirrus
2015-07-23 23:46 - 2015-07-23 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2015-07-23 23:46 - 2015-07-23 23:46 - 00000000 ____D C:\Program Files (x86)\Xirrus
2015-07-23 22:08 - 2015-07-23 22:09 - 22224144 _____ (Xirrus) C:\Users\Tremain\Downloads\WiFiInspector-Setup-1.2.1.4.exe
2015-07-23 21:59 - 2015-07-24 12:33 - 00134189 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-23 20:59 - 2015-07-23 21:03 - 00001776 _____ C:\Users\Tremain\0
2015-07-23 20:08 - 2015-07-24 18:07 - 00000924 _____ C:\WINDOWS\setupact.log
2015-07-23 20:08 - 2015-07-23 20:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-23 20:07 - 2015-07-23 20:10 - 05189072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-22 07:57 - 2015-07-24 12:21 - 00000000 ____D C:\Users\Tremain\AppData\Local\CrashDumps
2015-07-21 22:46 - 2015-07-21 22:46 - 00000000 ____D C:\Users\Tremain\Documents\Activision
2015-07-21 22:41 - 2015-07-21 22:41 - 00000000 ____D C:\Users\Tremain\AppData\Local\SKIDROW
2015-07-21 22:32 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2015-07-21 22:32 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-07-21 21:39 - 2015-07-21 21:40 - 00000000 ____D C:\NPE
2015-07-21 15:26 - 2015-07-21 15:26 - 06046208 _____ C:\Users\Tremain\Downloads\flashmedialiveencoder-v3.1_signed (1).msi
2015-07-21 15:24 - 2015-07-21 15:24 - 00005270 _____ C:\Users\Tremain\Downloads\streamate-recommended-quality-pc.xml
2015-07-21 15:16 - 2015-07-21 15:16 - 06046208 _____ C:\Users\Tremain\Downloads\flashmedialiveencoder-v3.1_signed.msi
2015-07-21 15:07 - 2015-07-21 15:09 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2015-07-21 11:29 - 2015-07-23 15:08 - 00000000 ____D C:\Users\Tremain\AppData\Local\NPE
2015-07-21 07:25 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 07:25 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 07:25 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 07:25 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 21:21 - 2015-07-20 21:21 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-20 21:21 - 2015-07-20 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-20 21:20 - 2015-07-20 21:20 - 00000000 ____D C:\Program Files\iTunes
2015-07-20 21:20 - 2015-07-20 21:20 - 00000000 ____D C:\Program Files\iPod
2015-07-20 21:20 - 2015-07-20 21:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-20 21:09 - 2015-07-20 21:13 - 155875632 _____ (Apple Inc.) C:\Users\Tremain\Downloads\iTunes6464Setup.exe
2015-07-20 20:33 - 2015-07-20 20:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2015-07-20 20:32 - 2015-07-20 20:32 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-07-20 20:32 - 2015-07-20 20:32 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-07-20 20:32 - 2015-07-20 20:32 - 00003216 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-07-20 20:32 - 2015-07-20 20:32 - 00002398 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-07-20 20:32 - 2015-07-20 20:32 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-20 20:31 - 2015-07-20 20:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-07-20 20:31 - 2015-07-20 20:31 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2015-07-20 20:31 - 2015-07-20 20:31 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-07-20 20:27 - 2015-07-21 21:25 - 00000000 ____D C:\ProgramData\Norton
2015-07-20 20:27 - 2015-07-20 20:27 - 01110424 _____ (Symantec Corporation) C:\Users\Tremain\Downloads\NSDownloader.exe
2015-07-20 20:27 - 2015-07-20 20:27 - 00001272 _____ C:\Users\Tremain\Desktop\Norton Installation Files.lnk
2015-07-20 20:27 - 2015-07-20 20:27 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-20 18:02 - 2015-07-20 18:02 - 00045185 _____ C:\Users\Tremain\Downloads\[kat.cr]prototype.2.dlc.activision.new.disc.rus.eng.repack.by.rg.catalyst.torrent
2015-07-20 17:31 - 2015-07-20 17:58 - 00000000 ____D C:\Users\Tremain\Documents\Euro Truck Simulator 2
2015-07-20 16:44 - 2015-07-20 16:44 - 00098437 _____ C:\Users\Tremain\Downloads\[kat.cr]euro.truck.simulator.2.v1.18.0.1s.beta.26.dlc.2015.2.click.run.torrent
2015-07-20 12:08 - 2015-07-23 12:00 - 00000000 ____D C:\Users\Tremain\Documents\ManiaPlanet
2015-07-20 12:05 - 2015-07-21 21:26 - 00000000 ____D C:\ProgramData\ManiaPlanet
2015-07-20 12:05 - 2015-07-20 12:12 - 00000000 ____D C:\Program Files (x86)\ManiaPlanet
2015-07-20 12:05 - 2015-07-20 12:05 - 00001097 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2015-07-20 12:05 - 2015-07-20 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
2015-07-20 11:59 - 2015-07-20 11:59 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-20 11:48 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-07-20 11:46 - 2015-07-20 11:47 - 127552424 _____ C:\Users\Tremain\Downloads\ManiaplanetMinimalSetup.exe
2015-07-20 01:20 - 2015-07-20 01:20 - 00931408 _____ (Google Inc.) C:\Users\Tremain\Downloads\ChromeSetup.exe
2015-07-19 16:05 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-19 16:05 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-19 16:05 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-19 16:05 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-19 16:05 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-19 16:05 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-19 16:05 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-19 16:05 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-19 16:05 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-19 16:05 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-19 16:05 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-19 16:05 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-19 16:05 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-19 16:05 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-19 16:05 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-19 16:05 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-19 16:05 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-19 16:05 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-19 16:05 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-19 16:05 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-19 16:05 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-19 16:05 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-19 16:05 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-19 16:05 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-19 16:05 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-19 16:05 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-19 16:05 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-19 16:05 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-19 16:04 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-19 16:04 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-19 16:04 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-19 16:04 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-19 16:04 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-19 16:04 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-19 16:04 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-19 16:04 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-19 16:04 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-19 16:04 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-19 16:04 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-19 16:04 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-19 16:04 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-19 16:04 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-19 16:04 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-19 16:04 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-19 16:04 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-19 16:04 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-19 16:04 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-19 16:04 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-19 16:04 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-19 16:04 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-19 16:04 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-19 16:04 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-19 16:04 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-19 16:04 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-19 16:04 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-19 16:04 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-19 16:04 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-19 16:04 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-19 16:04 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-19 16:04 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-19 16:04 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-19 16:04 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-19 16:04 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-19 16:04 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-19 16:04 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-19 16:04 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-19 16:04 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-19 16:04 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-19 16:04 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-19 16:04 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-19 16:03 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-19 16:03 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-19 16:03 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-19 16:03 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-16 13:51 - 2015-07-16 13:51 - 00013236 _____ C:\Users\Tremain\Downloads\[kat.cr]future.dirty.sprite.2.ds.2.deluxe.2015.l.audio.l.album.track.l.320kbps.l.cbr.l.mp3.l.sn3h1t87.torrent
2015-07-16 03:05 - 2015-07-16 21:17 - 00010290 _____ C:\Program Files (x86)\driftcity.exe.npd
2015-07-16 02:53 - 2015-07-16 19:35 - 00000000 ____D C:\Program Files (x86)\driftcity_Log
2015-07-16 02:52 - 2015-07-16 19:35 - 00000563 _____ C:\Program Files (x86)\pc_spec.txt
2015-07-16 02:52 - 2015-07-16 19:35 - 00000000 _____ C:\Program Files (x86)\memmsg.log
2015-07-16 02:52 - 2015-07-16 02:52 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\NPLUTO Corporation
2015-07-16 02:52 - 2015-07-16 02:52 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2015-07-16 02:51 - 2015-07-19 15:30 - 00000000 ____D C:\Program Files (x86)\GameGuard
2015-07-16 02:39 - 2015-07-16 02:47 - 00000000 ____D C:\Program Files (x86)\Patch
2015-07-16 02:39 - 2015-07-16 02:41 - 00000000 ____D C:\Program Files (x86)\Data_US
2015-07-16 02:38 - 2015-07-19 15:30 - 00000000 ____D C:\Program Files (x86)\Data
2015-07-16 02:38 - 2015-07-16 02:38 - 00000000 ____D C:\Program Files (x86)\BGM
2015-07-16 02:13 - 2015-07-16 02:13 - 00000000 ____D C:\Users\Tremain\AppData\Local\Steam
2015-07-14 19:25 - 2015-07-14 19:25 - 00000274 _____ C:\Users\Tremain\Downloads\debug.log
2015-07-14 15:38 - 2015-07-19 15:28 - 00000000 ____D C:\Users\Tremain\AppData\Local\UserTestingPlugin
2015-07-14 14:46 - 2015-07-14 14:46 - 08913777 _____ C:\Users\Tremain\Downloads\1436899566453.zip
2015-07-13 17:19 - 2015-07-13 17:21 - 66670427 _____ C:\Users\Tremain\Downloads\10_UNTAGGED_BEATS_PROMO_USE_PROD_BY_WALKZ.zip
2015-07-11 16:04 - 2015-07-11 16:04 - 00001776 _____ C:\Users\Tremain\Downloads\[kat.cr]the.7.habits.of.highly.effective.people.stephen.r.covery.pdf.s.b.torrent
2015-07-11 16:03 - 2015-07-11 16:03 - 00002396 _____ C:\Users\Tremain\Downloads\[kat.cr]the.mystery.method.how.to.get.beautiful.women.into.bed.pdf.torrent
2015-07-11 15:25 - 2015-07-11 15:25 - 00000000 ____D C:\Users\Tremain\Desktop\The Art of Seduction by Robert Greene - PDF - WD
2015-07-11 15:24 - 2015-07-11 15:24 - 00004770 _____ C:\Users\Tremain\Downloads\[kat.cr]the.art.of.seduction.by.robert.greene.pdf.wd.torrent
2015-07-10 12:53 - 2015-07-10 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-10 12:53 - 2015-07-10 12:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-09 21:43 - 2015-07-23 21:48 - 00000000 ____D C:\ProgramData\F5 Networks
2015-07-09 21:43 - 2015-07-09 21:43 - 00000000 _____ C:\WINDOWS\f5unistall.INI
2015-07-09 21:41 - 2015-07-09 21:42 - 01795282 _____ C:\Users\Tremain\Downloads\urhostplg.crx
2015-07-08 21:29 - 2015-07-08 21:29 - 00000000 ____D C:\Users\Tremain\Tracing
2015-07-08 21:29 - 2015-07-08 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-06 14:10 - 2015-07-06 15:05 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\Bitcoin
2015-07-06 14:07 - 2015-07-06 14:08 - 12335280 _____ (Bitcoin Core project) C:\Users\Tremain\Downloads\bitcoin-0.10.2-win64-setup.exe
2015-07-05 17:21 - 2015-07-10 13:24 - 00004970 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for TRELAPTOP-Tremain TreLaptop
2015-07-04 16:04 - 2015-07-23 15:40 - 00000000 ____D C:\Users\Tremain\Desktop\New folder
2015-07-04 16:03 - 2015-07-04 16:03 - 08774904 _____ C:\Users\Tremain\Downloads\PM.zip
2015-07-04 14:15 - 2015-07-04 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 20:01 - 2015-07-03 20:01 - 00534106 _____ C:\Users\Tremain\Downloads\Tremain SS.tif
2015-07-03 20:00 - 2015-07-03 20:00 - 00558420 _____ C:\Users\Tremain\Downloads\Front Tremain License.tif
2015-07-03 20:00 - 2015-07-03 20:00 - 00558420 _____ C:\Users\Tremain\Downloads\Front Tremain License (1).tif
2015-07-03 12:48 - 2015-07-04 14:28 - 00004958 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for TURNUP-Tremain TurnUp
2015-07-03 04:47 - 2015-07-03 04:47 - 00009998 _____ C:\Users\Tremain\Downloads\[kat.cr]the.butler.2013.720p.brrip.x264.yify.torrent
2015-07-03 03:38 - 2015-07-03 03:38 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-07-03 03:38 - 2015-07-03 03:38 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-07-02 13:37 - 2015-07-20 02:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-02 13:37 - 2015-07-02 13:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-02 13:36 - 2015-07-02 13:36 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-02 13:34 - 2015-07-02 13:36 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-02 13:34 - 2015-07-02 13:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-07-02 13:30 - 2015-07-19 15:05 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-02 13:30 - 2015-07-02 13:30 - 00000000 __RHD C:\MSOCache
2015-07-02 13:30 - 2015-07-02 13:30 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-02 13:30 - 2015-07-02 13:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-02 13:26 - 2015-07-02 13:28 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-07-02 13:26 - 2015-07-02 13:26 - 00000085 ___SH C:\ProgramData\.zreglib
2015-07-02 12:58 - 2015-07-02 12:58 - 00674600 _____ C:\Users\Tremain\Documents\isomount_setup [1].exe
2015-07-02 12:47 - 2015-07-02 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-07-01 18:21 - 2015-07-03 04:11 - 49252311 _____ C:\Users\Tremain\Desktop\Pharoah Musik.zip
2015-06-27 12:50 - 2015-06-27 12:50 - 00000000 ____D C:\Users\Tremain\Documents\Electronic Arts
2015-06-27 12:33 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 18:10 - 2012-08-15 21:46 - 00000739 _____ C:\WINDOWS\SysWOW64\bscs.ini
2015-07-24 18:08 - 2014-06-25 09:41 - 00000000 __RDO C:\Users\Tremain\OneDrive
2015-07-24 18:08 - 2013-04-24 14:26 - 00000416 _____ C:\Users\Tremain\AppData\Roaming\sp_data.sys
2015-07-24 18:08 - 2013-01-26 21:36 - 00004268 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-07-24 18:07 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-24 18:07 - 2013-01-26 21:36 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-07-24 18:06 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-24 18:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-24 17:55 - 2013-07-02 14:08 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-157683001-3954353896-3537870803-1001UA.job
2015-07-24 17:25 - 2013-04-24 14:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 16:44 - 2013-05-25 08:04 - 00000000 ____D C:\Program Files (x86)\StrongVPN
2015-07-24 14:28 - 2013-04-24 14:33 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-157683001-3954353896-3537870803-1001
2015-07-24 14:23 - 2014-08-27 12:54 - 00000000 ____D C:\Program Files (x86)\VST
2015-07-24 14:14 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\IME
2015-07-24 14:10 - 2013-04-24 14:31 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 12:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-24 12:19 - 2015-05-23 12:01 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-07-24 12:19 - 2015-05-23 12:01 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-07-23 21:54 - 2014-06-25 03:40 - 00000000 ____D C:\Users\Tremain
2015-07-23 19:09 - 2013-04-25 02:17 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\uTorrent
2015-07-23 19:08 - 2015-05-19 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-07-23 19:08 - 2015-04-03 11:01 - 00000000 ____D C:\Users\Tremain\Desktop\Studio Sessions
2015-07-23 19:08 - 2015-03-15 23:38 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mixxx
2015-07-23 19:08 - 2013-06-01 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sevas-S
2015-07-23 15:38 - 2013-04-25 02:21 - 00000000 ____D C:\Users\Tremain\Desktop\Movies
2015-07-23 08:01 - 2014-12-13 20:13 - 00000000 ____D C:\Program Files\Avid
2015-07-23 07:57 - 2014-08-27 12:54 - 00000000 ____D C:\Program Files (x86)\Acoustica Mixcraft 6
2015-07-23 01:55 - 2013-07-02 14:08 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-157683001-3954353896-3537870803-1001Core.job
2015-07-21 16:02 - 2013-06-20 17:02 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\Skype
2015-07-21 15:18 - 2013-04-24 14:24 - 00000000 ____D C:\Users\Tremain\AppData\Roaming\Adobe
2015-07-21 15:17 - 2012-11-27 14:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-21 13:06 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-21 11:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-21 10:31 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-20 21:22 - 2014-06-25 21:07 - 00000000 ____D C:\Users\Tremain\AppData\Local\Akamai
2015-07-20 21:20 - 2013-04-25 02:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-20 20:32 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-20 20:32 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-20 20:18 - 2015-04-19 18:07 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-07-20 20:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-20 11:48 - 2015-04-25 18:29 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-07-20 11:48 - 2015-04-25 18:29 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-07-20 11:48 - 2015-04-25 18:21 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-07-20 11:48 - 2015-04-25 18:20 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-07-20 11:48 - 2013-08-22 07:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-07-20 11:48 - 2013-08-22 07:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-07-20 11:48 - 2013-08-22 07:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-07-20 11:48 - 2013-08-22 07:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-07-20 11:48 - 2013-08-22 07:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-07-20 11:48 - 2013-08-21 23:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-07-20 11:48 - 2013-08-21 23:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-07-20 11:48 - 2013-08-21 23:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-07-20 11:48 - 2013-08-21 23:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-07-20 11:48 - 2013-08-21 23:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-07-20 08:10 - 2013-04-29 13:57 - 00000423 _____ C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-07-20 02:53 - 2014-06-25 22:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-20 02:47 - 2012-07-26 01:26 - 00000199 _____ C:\WINDOWS\win.ini
2015-07-20 02:46 - 2013-09-09 13:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-20 01:20 - 2013-04-24 14:31 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-20 01:20 - 2013-04-24 14:31 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-20 01:20 - 2013-04-24 14:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 01:20 - 2013-04-24 14:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-19 15:34 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-19 15:32 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-19 15:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-07-19 15:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-19 15:31 - 2015-05-09 09:00 - 00000000 ____D C:\Users\Tremain\Documents\UserTesting
2015-07-19 15:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-19 15:31 - 2013-04-24 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-19 15:31 - 2013-04-24 14:26 - 00000000 ____D C:\Users\Tremain\AppData\Local\bluesoleil
2015-07-19 15:31 - 2013-01-26 21:40 - 00000000 ____D C:\ProgramData\P4G
2015-07-19 15:30 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-19 15:28 - 2015-03-24 01:13 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-19 15:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-19 15:07 - 2013-04-24 14:31 - 00000000 ____D C:\Users\Tremain\AppData\Local\Google
2015-07-14 19:24 - 2014-08-08 12:59 - 00000000 ____D C:\Users\Tremain\AppData\Local\Adobe
2015-07-13 17:10 - 2015-05-17 17:26 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2015-05-17 17:26 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 13:05 - 2015-05-06 12:25 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-09 19:53 - 2014-08-08 00:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-09 13:04 - 2015-04-18 14:59 - 00000000 ____D C:\Users\Tremain\Desktop\ImDocs
2015-07-08 21:29 - 2014-06-15 07:15 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-08 21:29 - 2013-06-20 17:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 21:28 - 2013-06-20 17:01 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 12:38 - 2014-06-14 11:48 - 00000000 ____D C:\Users\Tremain\Desktop\Job Search
2015-07-07 04:40 - 2014-06-26 00:07 - 00003102 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-157683001-3954353896-3537870803-1001
2015-07-05 15:03 - 2014-06-25 10:51 - 00003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7016DCB8-A5F8-4CAF-BC0F-F50AF27B2E14}
2015-07-05 06:08 - 2014-02-10 12:51 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 16:26 - 2015-06-03 12:14 - 00000000 ___RD C:\Users\Tremain\Desktop\Pharoah Musik
2015-07-03 15:48 - 2014-11-27 14:56 - 00000000 __SHD C:\Users\Tremain\AppData\Local\EmieBrowserModeList
2015-07-03 15:48 - 2014-06-25 10:51 - 00000000 __SHD C:\Users\Tremain\AppData\Local\EmieUserList
2015-07-03 15:48 - 2014-06-25 10:51 - 00000000 __SHD C:\Users\Tremain\AppData\Local\EmieSiteList
2015-07-03 12:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-03 08:43 - 2013-04-26 12:44 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-03 04:22 - 2014-10-19 23:37 - 00000000 ____D C:\Users\Tremain\Desktop\Cam Pics
2015-07-02 13:37 - 2014-03-18 05:45 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-27 12:33 - 2015-01-13 12:28 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2014-01-08 11:00 - 2014-01-08 11:00 - 2387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2015-06-09 04:37 - 2015-06-09 04:37 - 0077548 _____ () C:\Program Files (x86)\dname.chk
2015-07-16 03:05 - 2015-07-16 21:17 - 0010290 _____ () C:\Program Files (x86)\driftcity.exe.npd
2014-07-28 21:48 - 2014-07-28 21:48 - 0806818 _____ () C:\Program Files (x86)\DriftLauncher.apc
2015-07-16 02:51 - 2015-07-16 21:17 - 0016637 _____ () C:\Program Files (x86)\g3d_log.txt
2015-07-16 02:51 - 2015-07-16 03:05 - 0034934 _____ () C:\Program Files (x86)\GameLog_20150716_025158.txt
2015-07-16 19:32 - 2015-07-16 19:34 - 0006618 _____ () C:\Program Files (x86)\GameLog_20150716_193251.txt
2015-07-16 19:34 - 2015-07-16 21:17 - 0162422 _____ () C:\Program Files (x86)\GameLog_20150716_193454.txt
2015-07-16 02:52 - 2015-07-16 19:35 - 0000000 _____ () C:\Program Files (x86)\memmsg.log
2013-08-20 04:52 - 2013-08-20 04:52 - 0135168 _____ () C:\Program Files (x86)\NiD3DXEffectShaderLibDX920VC71.nl9
2015-07-16 02:52 - 2015-07-16 19:35 - 0000563 _____ () C:\Program Files (x86)\pc_spec.txt
2006-07-20 06:08 - 2006-07-20 06:08 - 0002183 _____ () C:\Program Files (x86)\UserAllocators.NLB
2014-01-08 11:00 - 2014-01-08 11:00 - 1732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2015-05-27 18:03 - 2015-05-27 18:03 - 0000021 _____ () C:\Users\Tremain\AppData\Roaming\my_intel.sys
2013-04-24 14:26 - 2015-07-24 18:08 - 0000416 _____ () C:\Users\Tremain\AppData\Roaming\sp_data.sys
2015-04-19 18:27 - 2015-04-19 18:50 - 0000964 _____ () C:\Users\Tremain\AppData\Local\dsp_edcast_v3.log
2015-04-19 18:27 - 2015-04-19 18:56 - 0000789 _____ () C:\Users\Tremain\AppData\Local\dsp_edcast_v3_0.cfg
2015-04-19 18:28 - 2015-04-19 18:53 - 0001652 _____ () C:\Users\Tremain\AppData\Local\dsp_edcast_v3_1.cfg
2015-04-19 18:28 - 2015-04-19 18:56 - 0079563 _____ () C:\Users\Tremain\AppData\Local\dsp_edcast_v3_1.log
2015-04-19 18:37 - 2015-04-19 18:56 - 0000116 _____ () C:\Users\Tremain\AppData\Local\dsp_edcast_v3_2.log
2015-07-02 13:26 - 2015-07-02 13:26 - 0000085 ___SH () C:\ProgramData\.zreglib
2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
 
 
Some files in TEMP:
====================
C:\Users\Tremain\AppData\Local\Temp\Quarantine.exe
C:\Users\Tremain\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-24 14:30
 
==================== End of log ============================


#7 nasdaq


Posted 25 July 2015 - 06:56 AM


Did you clean everything that was identified by MBAM?
If not please run the tool again and clean it.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools\digisptiservice64.exe" [X]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No ImagePath
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
AlternateDataStreams: C:\ProgramData\Microsoft:2Ifhy6gSKhKA0jnERY
AlternateDataStreams: C:\ProgramData\Microsoft:ab8IBxCUqtLlNrgkGOG
AlternateDataStreams: C:\ProgramData\Microsoft:evBIV9R2qwTLvvkn07Yj
AlternateDataStreams: C:\ProgramData\Microsoft:TcKvlPaOk8NBAXOa0XB
AlternateDataStreams: C:\Users\Tremain\Local Settings:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tremain\AppData\Local:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Application Data:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temp:D2Zp538O2NQkc7xaVuiZ4
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temporary Internet Files:zVFQQ557VjMcYWnOu662dTET8O0Zbz

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#8 TreB5870


Posted 25 July 2015 - 11:26 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Tremain at 2015-07-25 12:17:33 Run:1
Running from C:\Users\Tremain\Downloads
Loaded Profiles: Tremain (Available Profiles: Tremain)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [
SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin:
adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-157683001-3954353896-3537870803-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools\digisptiservice64.exe" [X]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No
ImagePath
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
AlternateDataStreams: C:\ProgramData\Microsoft:2Ifhy6gSKhKA0jnERY
AlternateDataStreams: C:\ProgramData\Microsoft:ab8IBxCUqtLlNrgkGOG
AlternateDataStreams: C:\ProgramData\Microsoft:evBIV9R2qwTLvvkn07Yj
AlternateDataStreams: C:\ProgramData\Microsoft:TcKvlPaOk8NBAXOa0XB
AlternateDataStreams: C:\Users\Tremain\Local Settings:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tremain\AppData\Local:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Application Data:gnv0ttB1QpMbYyIvcGDQGox
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temp:D2Zp538O2NQkc7xaVuiZ4
AlternateDataStreams:
C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch
AlternateDataStreams: C:\Users\Tremain\AppData\Local\Temporary Internet Files:zVFQQ557VjMcYWnOu662dTET8O0Zbz
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ => key not found. 
HKCR\CLSID\ShellIconOverlayIdentifiers: [ => key not found. 
SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-157683001-3954353896-3537870803-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\MozillaPlugins\FF Plugin: => key not found. 
"FF Plugin:" => not found.
adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-157683001-3954353896-3537870803-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\Tremain\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
digiSPTIService64 => service removed successfully
BthAvrcpTg => service removed successfully
BthHFEnum => service removed successfully
bthhfhid => service removed successfully
BthHFSrv => service removed successfully
ImagePath => Error: No automatic fix found for this entry.
urvpndrv => service removed successfully
C:\ProgramData => ":482EE99B1E21CE8C" ADS removed successfully.
"C:\Users\All Users" => ":482EE99B1E21CE8C" ADS not found.
"C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS not found.
C:\ProgramData\Microsoft => ":2Ifhy6gSKhKA0jnERY" ADS removed successfully.
C:\ProgramData\Microsoft => ":ab8IBxCUqtLlNrgkGOG" ADS removed successfully.
C:\ProgramData\Microsoft => ":evBIV9R2qwTLvvkn07Yj" ADS removed successfully.
C:\ProgramData\Microsoft => ":TcKvlPaOk8NBAXOa0XB" ADS removed successfully.
"C:\Users\Tremain\Local Settings" => ":gnv0ttB1QpMbYyIvcGDQGox" ADS not found.
"C:\Users\Tremain\OneDrive" => ":ms-properties" ADS not found.
C:\Users\Tremain\AppData\Local => ":gnv0ttB1QpMbYyIvcGDQGox" ADS removed successfully.
"C:\Users\Tremain\AppData\Local\Application Data" => ":gnv0ttB1QpMbYyIvcGDQGox" ADS not found.
C:\Users\Tremain\AppData\Local\Temp => ":D2Zp538O2NQkc7xaVuiZ4" ADS removed successfully.
AlternateDataStreams: => Error: No automatic fix found for this entry.
Could not move "C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch" => Scheduled to move on reboot.
"C:\Users\Tremain\AppData\Local\Temporary Internet Files" => ":zVFQQ557VjMcYWnOu662dTET8O0Zbz" ADS not found.
EmptyTemp: => 451.3 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-25 12:21:52)<=
 
"C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch" => Could not move
 
==== End of Fixlog 12:21:52 ====
 
 
It seems to be running a lot smoother now, not too much lag at start-up as it used to be, and now I can connect to my WiFi.
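An added example, not part of the post above and not FRST's own code: a small triage script that reads a Fixlog in the layout shown above, counts the outcome of each result line, and lists the entries that were not applied. The sample log is constructed from lines in the Fixlog above; the function names and the line-rejoining heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog built from lines in the post above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
CloseProcesses:
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No
ImagePath
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
AlternateDataStreams:
C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch
End
*****************

Processes closed successfully.
bthhfhid => service removed successfully
BthHFSrv => service removed successfully
ImagePath => Error: No automatic fix found for this entry.
C:\ProgramData => ":482EE99B1E21CE8C" ADS removed successfully.
"C:\Users\All Users" => ":482EE99B1E21CE8C" ADS not found.
AlternateDataStreams: => Error: No automatic fix found for this entry.
Could not move "C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-25 12:21:52)<=

"C:\Users\Tremain\AppData\Local\Temp:MxC4ORLO2Ey3nvVNvx71Z0ch" => Could not move

==== End of Fixlog 12:21:52 ====
"""

# Checked in order; the first matching rule decides the status of a result line.
RULES = [
    ("no_fix", re.compile(r"=> Error: No automatic fix found")),
    ("pending_reboot", re.compile(r"Scheduled to move on reboot")),
    ("failed", re.compile(r"Could not move")),
    ("not_found", re.compile(r"not found\.$")),
    ("done", re.compile(r"successfully|Removed\.$")),
]

def split_fixlog(text):
    """Return (fixlist lines, result lines); the asterisk rows delimit the fixlist."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if ln]
    return fixlist, results

def classify(line):
    for status, pattern in RULES:
        if pattern.search(line):
            return status
    return "other"

def rejoin(fixlist, entry):
    """Heuristic (assumption): guess the line a wrapped fragment came from."""
    if entry not in fixlist:
        return None
    i = fixlist.index(entry)
    if entry.endswith(":") and i + 1 < len(fixlist):  # directive that lost its payload
        return entry + " " + fixlist[i + 1]
    if i > 0:                                         # payload that lost its directive
        return fixlist[i - 1] + " " + entry
    return None

def summarize(text):
    _, results = split_fixlog(text)
    return Counter(classify(ln) for ln in results)

def unapplied(text):
    """List (status, entry, probable original line) for entries that were not applied."""
    fixlist, results = split_fixlog(text)
    out = []
    for ln in results:
        status = classify(ln)
        if status == "no_fix":
            entry = ln.rsplit(" => Error:", 1)[0]
            out.append((status, entry, rejoin(fixlist, entry)))
        elif status == "failed":
            out.append((status, ln.split(" => ")[0].strip('"'), None))
    return out

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FIXLOG)))
    for item in unapplied(SAMPLE_FIXLOG):
        print(item)
```

On the sample, both "No automatic fix found" errors trace back to fixlist lines that were split in two when pasted, and the one alternate data stream that could not be moved is reported separately.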


#9 nasdaq


Posted 25 July 2015 - 01:35 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq


Posted 31 July 2015 - 07:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



