Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Handle Leak explorer.exe and memory leak firefox.exe


  • This topic is locked This topic is locked
6 replies to this topic

#1 Egyoung1

Egyoung1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 24 January 2016 - 06:04 PM

I have no idea what may be causing a Handle leak or memory leak or what causes them.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by eric (administrator) on ERIC (24-01-2016 19:53:18)
Running from C:\Users\eric\Downloads
Loaded Profiles: eric (Available Profiles: eric)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(DoD PKE Engineering) C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.22.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-27] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-03-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-03-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [GoogleChromeAutoLaunch_6D4382F268C09BA9241DE79E98DCE3EC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-12-10]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-12-10]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-09-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.244.98.19 77.244.99.19
Tcpip\..\Interfaces\{2dec3e2e-ee6c-4ab7-8af6-f5a7bb2045a4}: [DhcpNameServer] 77.244.98.19 77.244.99.19
Tcpip\..\Interfaces\{cd4d1f10-fedb-4ad0-9a30-1076067c38af}: [DhcpNameServer] 77.244.98.19 77.244.99.19

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> DefaultScope {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-12-18] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-12-18] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\8sr1tste.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll [2014-07-24] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-09] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-12-18]
FF Extension: Webroot Password Manager - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\8sr1tste.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-18]
FF Extension: Webroot Password Manager - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\8sr1tste.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi [2015-08-21]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

Chrome:
=======
CHR HomePage: Default -> hxxp://grantland.com/
CHR StartupUrls: Default -> "hxxp://www.grantland.com/"
CHR DefaultSearchURL: Default -> hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,202,0_0,Search,20140623,20034,0,31,0
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&amp;command={searchTerms}
CHR Profile: C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2015-04-22]
CHR Extension: (YouTube) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Search) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Google Play Music) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-05-14]
CHR Extension: (Bookmark Manager) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]
CHR Extension: (Crackle) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-05-24]
CHR Extension: (Webroot Filtering Extension) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-02-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11]
CHR Extension: (Google Wallet) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
CHR Extension: (Webroot Password Manager) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-09-22]
CHR Extension: (Gmail) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-09-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-15] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330144 2015-09-27] (Intel Corporation)
R2 InstallRoot; C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe [755320 2015-02-13] (DoD PKE Engineering)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2015-03-17] (The OpenVPN Project)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-04-01] (Symantec Corporation) [File not signed]
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-15] (Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [45104 2015-12-18] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 19:53 - 2016-01-24 19:54 - 00029551 _____ C:\Users\eric\Downloads\FRST.txt
2016-01-24 19:53 - 2016-01-24 19:53 - 00000000 ____D C:\FRST
2016-01-24 19:45 - 2016-01-24 19:52 - 02370560 _____ (Farbar) C:\Users\eric\Downloads\FRST64.exe
2016-01-21 21:26 - 2016-01-21 21:26 - 04499648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-01-16 22:15 - 2016-01-16 22:15 - 00000695 _____ C:\Users\eric\Downloads\sync
2016-01-13 22:58 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 22:58 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 22:58 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 22:58 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 22:58 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 22:58 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 22:58 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 22:58 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 22:58 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 22:58 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 22:58 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 22:58 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 22:58 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 22:58 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 22:58 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 22:58 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 22:58 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 22:58 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 22:58 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 22:58 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 22:58 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 22:58 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 22:58 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 22:58 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 22:58 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 22:57 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 22:57 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 22:57 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 22:57 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 22:57 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 22:57 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 22:57 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 22:57 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 22:57 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 22:57 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 22:57 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 22:57 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 22:57 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 22:57 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 22:57 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 22:57 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 22:57 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 22:57 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 22:57 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 22:57 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 22:57 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 22:57 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 22:57 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 22:57 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 22:57 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 22:57 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 22:57 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 22:57 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 22:57 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 22:57 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 22:57 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 22:57 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 22:57 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 22:57 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 22:57 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 22:57 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 22:57 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 22:57 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 22:57 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 22:57 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 22:57 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 22:57 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 22:57 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 22:57 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 22:57 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 22:57 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 22:57 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 22:57 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 22:57 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 22:57 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 22:57 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 22:57 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 22:57 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 22:57 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 22:57 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 22:57 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 22:57 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 22:57 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 22:57 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 22:57 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 22:57 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 22:57 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-07 10:27 - 2016-01-10 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 12:11 - 2016-01-06 12:11 - 00000000 ____D C:\Users\eric\Desktop\bgy7
2015-12-31 16:27 - 2015-12-31 19:26 - 00000000 ____D C:\Users\eric\Documents\MovieStudioBossTheSequel
2015-12-30 15:37 - 2015-12-31 16:07 - 00000000 ____D C:\Users\eric\AppData\Roaming\Omerta
2015-12-30 15:34 - 2016-01-01 10:30 - 00000000 ____D C:\Users\eric\AppData\Roaming\Kalypso Media
2015-12-29 17:18 - 2015-12-29 17:18 - 00165040 _____ C:\Users\eric\Desktop\loan.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 19:54 - 2014-02-20 09:09 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 19:53 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-24 19:41 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-24 19:28 - 2014-09-22 08:57 - 00000000 ____D C:\ProgramData\WRData
2016-01-24 19:26 - 2014-09-22 17:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-24 18:02 - 2014-04-01 20:49 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F66E3669-1BB9-44D6-A0D7-D5E6A803B97E}
2016-01-24 16:06 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 16:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-23 03:54 - 2014-02-20 09:09 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 07:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 07:31 - 2014-04-03 16:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-21 04:40 - 2015-08-21 13:15 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-20 22:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-20 11:23 - 2014-09-19 16:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-20 08:38 - 2013-12-03 13:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-20 08:27 - 2014-04-01 21:56 - 00000000 ___RD C:\Users\eric\Google Drive
2016-01-20 07:50 - 2015-08-21 13:52 - 00000000 __SHD C:\Users\eric\IntelGraphicsProfiles
2016-01-20 07:49 - 2015-12-02 19:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-20 07:49 - 2015-12-02 18:13 - 00000000 ____D C:\Users\eric
2016-01-20 07:49 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-01-20 07:42 - 2015-02-27 19:05 - 00000000 ____D C:\Users\eric\AppData\Local\Steam
2016-01-18 01:27 - 2015-01-23 18:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-17 19:41 - 2014-05-19 14:28 - 00000000 ____D C:\Users\eric\AppData\LocalLow\Temp
2016-01-15 10:03 - 2014-09-25 20:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 10:03 - 2014-09-25 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 10:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 23:20 - 2014-09-25 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 23:18 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 23:17 - 2014-04-09 19:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 23:08 - 2014-04-09 19:02 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 14:13 - 2014-12-29 03:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-10 09:38 - 2014-09-16 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 21:30 - 2014-04-01 20:40 - 00000000 ____D C:\Users\eric\AppData\Local\VirtualStore
2016-01-08 21:11 - 2014-11-09 13:43 - 00000000 ____D C:\Users\eric\AppData\Roaming\Tropico 3
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 10:30 - 2014-08-29 11:50 - 00000000 ____D C:\Users\eric\Documents\My Games
2015-12-29 21:56 - 2014-09-22 08:57 - 00170760 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-12-29 21:56 - 2014-09-22 08:57 - 00105888 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-12-29 17:20 - 2014-04-01 20:40 - 00000000 ____D C:\Users\eric\AppData\Local\Packages
2015-12-27 20:31 - 2014-04-03 01:11 - 00000000 ____D C:\Users\eric\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-09-22 08:58 - 2015-12-18 12:06 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-04-02 00:19 - 2014-04-02 00:19 - 0000017 _____ () C:\Users\eric\AppData\Local\resmon.resmoncfg
2015-12-02 18:08 - 2015-12-02 18:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-29 11:06 - 2015-10-29 11:06 - 0011508 _____ () C:\ProgramData\wbmTycoon_WBMBarGraph_2
2015-10-29 11:06 - 2015-10-29 11:06 - 0006200 _____ () C:\ProgramData\wbmTycoon_WBMLineGraph_1
2015-10-29 11:06 - 2015-10-29 11:06 - 0006075 _____ () C:\ProgramData\wbmTycoon_WBMLineGraph_2

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-18 18:05

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by eric (2016-01-24 19:55:25)
Running from C:\Users\eric\Downloads
Windows 10 Home (X64) (2015-12-02 19:08:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4203953536-1566099970-3647134959-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4203953536-1566099970-3647134959-503 - Limited - Disabled)
eric (S-1-5-21-4203953536-1566099970-3647134959-1001 - Administrator - Enabled) => C:\Users\eric
Guest (S-1-5-21-4203953536-1566099970-3647134959-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4203953536-1566099970-3647134959-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Out of date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Out of date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3715.05 - CyberLink Corp.)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Encountering the Old Testament 2 (HKLM-x32\...\Encountering the Old Testament 2_is1) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grand Ages: Medieval (HKLM-x32\...\Steam App 310470) (Version: - Gaming Minds Studios)
HMA! Pro VPN 2.8.24.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.24.0 - Privax Ltd)
InstallRoot (HKLM\...\{A765EB7C-8360-49B8-804D-E2FB6D613C1D}) (Version: 4.1 - DoD PKE)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Medieval Battlefields (x32 Version: 3.0.2.48 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version: - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prison Tycoon - Alcatraz (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Synctunes Desktop (HKLM-x32\...\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}) (Version: 1.1.5 - The Bit Studio)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.1.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.04.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.15 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.0.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.7.46 - Webroot)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.7 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0466099F-13CC-42CD-A701-3474F037EB76} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0E0EC068-C8DB-46A1-80EE-EF71DF819B2C} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0F6C3413-707B-4F2F-9CC0-7A759DE8DF97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {205D7DAD-D32E-4867-8CA7-F236EDFF2398} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {223213C4-AD2B-41CF-8C14-107921999346} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {29CAA92A-90D4-4D78-9335-90004DF4075C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {2B070727-E711-4C5D-8D26-DDF03C207554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32574149-4F7E-46DF-97A8-3CD747BF6AA9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {343EB2C0-676B-4CB1-8D16-28ADD91C3757} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48DD5DB3-A8F5-489D-91B9-0EEC32EDF13B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {59091047-D05B-4F62-8FAD-56CB380BFDC5} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-21] (Synaptics Incorporated)
Task: {5D23E7C1-10C9-464F-9DB9-A08907EB5015} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {65CBA688-50F6-45D9-AF57-582477EB7D86} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {6EC94B69-37B0-436E-8EB2-6A9E65E313D6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6F1F5640-6234-4279-8F9E-4E7E28216C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7097F1AA-40DC-4286-9BE4-A5D847F43ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70E89AEC-83B2-4872-B99B-8CB0F31E5BEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {769298CA-81EE-4897-8ED8-D9F8C6E337CB} - System32\Tasks\{C645B6AB-3F97-4A62-B415-AC558FCDBE90} => pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
Task: {77B5832B-7A87-42F0-AFBE-0B7AF07384FF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {7D81F1B9-459B-42B0-A207-1B615A91F331} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7E78221E-A7B2-4C84-BAB9-E95A6C845BE5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe
Task: {80E21BBC-94DB-43A1-802E-B0221BB24C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BFDF4B70-EF96-48FC-84D1-92F490C73B00} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {C1CCE66E-2374-4746-A97A-A92B3E158129} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {CD0BBCFF-DDE9-465D-A999-562CD73D9279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)
Task: {DEA5B89E-4340-428E-99A3-12E2E61D6CD3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {E505AB6C-4407-4412-B064-F6A8E3AB5493} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E64C82DE-DC98-4A63-A65C-AAF39AC1B995} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe
Task: {FD89EB38-DCD2-40CB-96E0-B9DD22B03F18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2007-12-05 15:59 - 2007-12-05 15:59 - 00022016 _____ () C:\WINDOWS\System32\sdu1ml6.dll
2015-05-15 14:26 - 2015-05-15 14:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 14:26 - 2015-05-15 14:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-13 12:45 - 2015-02-13 12:45 - 03716728 _____ () C:\Program Files\DoD-PKE\InstallRoot\IrTampLib_SWIG_vc.DLL
2015-12-04 04:16 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-04 04:16 - 2015-11-22 11:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-12-04 04:16 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 20:12 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-13 22:58 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-13 22:58 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 22:58 - 2016-01-05 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-13 22:58 - 2016-01-05 02:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-05-27 12:46 - 2015-05-27 12:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-12-18 12:25 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 12:25 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 12:25 - 2015-12-07 05:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-12-10 16:08 - 2015-12-10 16:11 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 16:08 - 2015-12-10 16:11 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 10:41 - 2015-11-20 10:42 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-20 22:37 - 2016-01-20 22:38 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 05:54 - 2015-12-15 05:54 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-21 23:25 - 2016-01-21 23:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-04-03 16:56 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-24 15:43 - 2016-01-24 16:05 - 09737216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.22.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-01-20 07:54 - 2016-01-20 07:54 - 00098816 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32api.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00110080 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\pywintypes27.dll
2016-01-20 07:54 - 2016-01-20 07:54 - 00364544 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\pythoncom27.dll
2016-01-20 07:54 - 2016-01-20 07:54 - 00046080 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_socket.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 01208320 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_ssl.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00320512 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32com.shell.shell.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00776704 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_hashlib.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 01176576 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._core_.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00806400 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._gdi_.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00816128 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._windows_.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 01067008 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._controls_.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00733184 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._misc_.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00682496 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\pysqlite2._sqlite.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00088064 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_ctypes.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00119808 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32file.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00108544 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32security.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00007168 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\hashobjs_ext.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00017920 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\thumbnails_ext.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00079360 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\usb_ext.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00167936 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32gui.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00018432 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32event.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00128512 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_elementtree.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00127488 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\pyexpat.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00013824 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\common.time34.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00036864 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_psutil_windows.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00038912 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32inet.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00525640 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\windows._lib_cacheinvalidation.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00011264 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32crypt.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00077312 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._html2.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00027136 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_multiprocessing.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00020480 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\_yappi.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00035840 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32process.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00686080 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\unicodedata.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00123392 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._wizard.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00024064 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32pipe.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00010240 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\select.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00025600 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32pdh.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00017408 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32profile.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00022528 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\win32ts.pyd
2016-01-20 07:54 - 2016-01-20 07:54 - 00078848 _____ () C:\Users\eric\AppData\Local\Temp\_MEI51882\wx._animate.pyd
2014-08-20 13:38 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 17:43 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-08-28 02:48 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 17:43 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 17:43 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-21 09:15 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-21 09:15 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-21 09:15 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-21 09:15 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-21 09:15 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-28 02:48 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-13 16:01 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-08-20 13:38 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-20 17:43 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-01-21 23:25 - 2016-01-21 23:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 23:25 - 2016-01-21 23:25 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\army.mil -> hxxps://www.us.army.mil
IE trusted site: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\mail.mil -> hxxps://web.mail.mil

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-04-01 20:58 - 00014138 ____A C:\WINDOWS\system32\Drivers\etc\hosts

216.239.32.20 www.google.ac # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.ad # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.ae # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.al # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.am # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.as # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.at # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.az # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.ba # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.be # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.bf # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.bg # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.bi # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.bj # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.bs # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.bt # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.by # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.ca # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cat # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cc # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cd # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cf # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cg # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.ch # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.ci # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cl # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cm # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.cn # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.co.ao # *DO NOT MODIFY/DELETE THIS ENTRY*
216.239.32.20 www.google.co.bw # *DO NOT MODIFY/DELETE THIS ENTRY*

There are 169 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\eric\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\100_1132.jpg
DNS Servers: 77.244.98.19 - 77.244.99.19
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6D4382F268C09BA9241DE79E98DCE3EC"
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D3277ABF-06E6-489A-9348-0502AF3755A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E17E3CC-6742-42A2-AC3F-1964481B935F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF267716-234C-496D-93C0-59314A31A40B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Medieval 1 Gold\launcher\launcher.exe
FirewallRules: [{EFC2DB6F-2F17-4223-95F1-122A1DF12476}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Medieval 1 Gold\launcher\launcher.exe
FirewallRules: [{39A5F6B6-EEFB-4A9C-BB30-02D5F30FC435}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe
FirewallRules: [{04999683-4BBF-42D8-B06C-A2462F1478B0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E3B1AB07-1636-4800-ADC8-D792D14C5F2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D4AFDBC-C298-4708-8A4E-886906C90E16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CCAD6AC-D878-4975-82A2-056FB244ACEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53096054-D596-475D-87D9-329C528C6103}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05E55A24-1717-4A54-AD84-BD2E8142817D}] => (Allow) C:\Users\eric\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6507A5C0-8689-4297-9D79-EEA250E3D1AA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{F4AFC928-9D53-4B85-A634-DACD51DD9468}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{DD18B198-94BC-4780-8E2C-539A258B43CA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A5C6EA7D-6527-4B82-B6A3-A18B69342D12}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{0346E431-23DB-4FB4-B90A-561E034DCCD2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{0B4BC63C-8E2D-4CEC-9CFC-F9B63FD43AFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C62E208-A315-441F-892D-A4B6A3E96B27}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46B0ABDD-C7AC-4960-839F-79F732D6E9A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A96486F2-7B9E-44AD-A3AC-0D3535FA47D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2026C6CE-319D-4202-8859-C1223D13ADCB}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\SkypeWebPlugin.exe
FirewallRules: [{E1CF1FB2-1A0F-4030-B546-5B0B3F811558}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAA39DE8-373C-4F54-99BA-F549C2E53F7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1856E4E3-BFA5-4965-BD10-E30827C98722}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FA2E01BA-C8CD-4138-862A-79E08AC6FC48}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [UDP Query User{C8F4809E-09E4-4AFF-AE48-C306C6985699}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [TCP Query User{E31ED9DA-2577-43F6-B492-79AFADE767CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{00F334DE-FDA6-4BDF-8AB0-6961ECDC190A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A5605FF5-9CCF-42C3-BAEB-D1C59DA2243B}C:\program files (x86)\steam\steamapps\common\dawn of discovery\tools\anno4web.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dawn of discovery\tools\anno4web.exe
FirewallRules: [UDP Query User{7C951184-3091-4138-AFAC-DCF147DBDD2C}C:\program files (x86)\steam\steamapps\common\dawn of discovery\tools\anno4web.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dawn of discovery\tools\anno4web.exe
FirewallRules: [TCP Query User{91C64F35-6EB6-4868-8950-E3EE6B56FBCD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9A3E430E-C803-4226-9BAA-BA8299CC7DC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8DFAF5FF-FB3D-429E-85EB-84D6590EEE67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{0C1C2E93-4BD3-4B1D-82A8-62481B20B5A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{1686BB05-7041-46DD-9357-ABBFF9BEC8A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{10326C0E-C6BC-44FC-B44C-80B34CE6E867}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{E8A620C0-ED89-4ED5-82E2-532597312E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Shogun 1 Gold\launcher\launcher.exe
FirewallRules: [{3C862E1B-E87F-4C88-91AB-FEB5D5FB63BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Shogun 1 Gold\launcher\launcher.exe
FirewallRules: [{51A46014-3DA2-4428-8CC3-8027442032DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Ages Medieval\GrandAgesMedieval.exe
FirewallRules: [{DE4292E3-EF16-4FDD-96D4-25DE1CE8D3E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Ages Medieval\GrandAgesMedieval.exe
FirewallRules: [{6B5FCD83-6218-42C9-90BB-1ACC81118157}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EA2253C2-3EED-421A-BC3A-0CD4ABA0A8C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F7C904ED-2F68-41D5-AA36-E1829C05F9AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

==================== Restore Points =========================

18-12-2015 16:24:27 Windows Update
24-12-2015 14:25:28 Installed DirectX
30-12-2015 15:32:57 Installed DirectX
06-01-2016 12:27:09 Windows Update
13-01-2016 23:07:21 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2016 07:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2511563

Error: (01/24/2016 07:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2511563

Error: (01/24/2016 07:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2016 05:59:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ERIC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/24/2016 04:52:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1578

Error: (01/24/2016 04:52:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1578

Error: (01/24/2016 04:52:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2016 02:28:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48203

Error: (01/24/2016 02:28:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48203

Error: (01/24/2016 02:28:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/24/2016 07:18:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/24/2016 06:34:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/24/2016 06:01:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/24/2016 04:52:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/24/2016 02:44:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/24/2016 02:27:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/24/2016 10:58:18 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/24/2016 10:55:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/23/2016 09:35:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/23/2016 07:58:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}


CodeIntegrity:
===================================
Date: 2016-01-15 10:07:16.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-08 19:48:47.900
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-07 10:11:38.263
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 06:58:19.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-01 15:59:14.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-21 16:51:05.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-15 05:48:36.979
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 21:43:28.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 03:24:28.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 07:03:49.299
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2820 @ 2.13GHz
Percentage of memory in use: 56%
Total physical RAM: 3979.19 MB
Available physical RAM: 1730.43 MB
Total Virtual: 6469.85 MB
Available Virtual: 3066.8 MB

==================== Drives ================================

Drive c: (TI10686800A) (Fixed) (Total:455.38 GB) (Free:355.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 28 January 2016 - 06:27 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 28 January 2016 - 06:29 PM

Greetings Egyoung1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Are you or have you been in Germany?

What information are you seeing regarding the leaks?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> DefaultScope {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
Task: {0F6C3413-707B-4F2F-9CC0-7A759DE8DF97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2B070727-E711-4C5D-8D26-DDF03C207554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32574149-4F7E-46DF-97A8-3CD747BF6AA9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EC94B69-37B0-436E-8EB2-6A9E65E313D6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6F1F5640-6234-4279-8F9E-4E7E28216C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7097F1AA-40DC-4286-9BE4-A5D847F43ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70E89AEC-83B2-4872-B99B-8CB0F31E5BEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {769298CA-81EE-4897-8ED8-D9F8C6E337CB} - System32\Tasks\{C645B6AB-3F97-4A62-B415-AC558FCDBE90} => pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
Task: {80E21BBC-94DB-43A1-802E-B0221BB24C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E505AB6C-4407-4412-B064-F6A8E3AB5493} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD89EB38-DCD2-40CB-96E0-B9DD22B03F18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Egyoung1

Egyoung1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 29 January 2016 - 05:48 AM

Attached File  Fixlog.txt   8.24KB   1 downloadsI live in Germany.  I am not sure what is causing the leaks, my virus scanner said these two programs had a memory and handle leak.  (I am not sure that that is.)
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by eric (2016-01-29 11:41:41) Run:1
Running from C:\Users\eric\Desktop
Loaded Profiles: eric (Available Profiles: eric)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> DefaultScope {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
Task: {0F6C3413-707B-4F2F-9CC0-7A759DE8DF97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2B070727-E711-4C5D-8D26-DDF03C207554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32574149-4F7E-46DF-97A8-3CD747BF6AA9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EC94B69-37B0-436E-8EB2-6A9E65E313D6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6F1F5640-6234-4279-8F9E-4E7E28216C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7097F1AA-40DC-4286-9BE4-A5D847F43ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70E89AEC-83B2-4872-B99B-8CB0F31E5BEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {769298CA-81EE-4897-8ED8-D9F8C6E337CB} - System32\Tasks\{C645B6AB-3F97-4A62-B415-AC558FCDBE90} => pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
Task: {80E21BBC-94DB-43A1-802E-B0221BB24C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E505AB6C-4407-4412-B064-F6A8E3AB5493} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD89EB38-DCD2-40CB-96E0-B9DD22B03F18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
*****************

HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC04703F-CF46-447B-B34C-C89ABA216644}" => key removed successfully
HKCR\CLSID\{DC04703F-CF46-447B-B34C-C89ABA216644} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F6C3413-707B-4F2F-9CC0-7A759DE8DF97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F6C3413-707B-4F2F-9CC0-7A759DE8DF97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B070727-E711-4C5D-8D26-DDF03C207554}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B070727-E711-4C5D-8D26-DDF03C207554}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32574149-4F7E-46DF-97A8-3CD747BF6AA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32574149-4F7E-46DF-97A8-3CD747BF6AA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EC94B69-37B0-436E-8EB2-6A9E65E313D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EC94B69-37B0-436E-8EB2-6A9E65E313D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F1F5640-6234-4279-8F9E-4E7E28216C6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F1F5640-6234-4279-8F9E-4E7E28216C6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7097F1AA-40DC-4286-9BE4-A5D847F43ED8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7097F1AA-40DC-4286-9BE4-A5D847F43ED8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70E89AEC-83B2-4872-B99B-8CB0F31E5BEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70E89AEC-83B2-4872-B99B-8CB0F31E5BEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{769298CA-81EE-4897-8ED8-D9F8C6E337CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{769298CA-81EE-4897-8ED8-D9F8C6E337CB}" => key removed successfully
C:\WINDOWS\System32\Tasks\{C645B6AB-3F97-4A62-B415-AC558FCDBE90} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C645B6AB-3F97-4A62-B415-AC558FCDBE90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80E21BBC-94DB-43A1-802E-B0221BB24C24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E21BBC-94DB-43A1-802E-B0221BB24C24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E505AB6C-4407-4412-B064-F6A8E3AB5493}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E505AB6C-4407-4412-B064-F6A8E3AB5493}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD89EB38-DCD2-40CB-96E0-B9DD22B03F18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD89EB38-DCD2-40CB-96E0-B9DD22B03F18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\exefile => key not found.

==== End of Fixlog 11:41:58 ====

Edited by Oh My!, 29 January 2016 - 10:01 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 29 January 2016 - 10:04 AM

Thank you, please attach the System Summary report. The steps are contained in Post #2.

 

Are you able to provide the exact information from your Antivirus program?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 01 February 2016 - 11:07 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 03 February 2016 - 03:27 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 03 February 2016 - 03:27 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users