
redirecting to ads


32 replies to this topic

#1 Flyingsushi


Posted 14 June 2016 - 05:52 PM

Ran by rachel (2016-06-14 18:36:11)
Running from C:\Users\rachel\Downloads
Windows 8.1 (Update) (X64) (2014-12-28 23:57:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3828471679-650921150-1557953286-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3828471679-650921150-1557953286-501 - Limited - Enabled) => C:\Users\Guest
rachel (S-1-5-21-3828471679-650921150-1557953286-1001 - Administrator - Enabled) => C:\Users\rachel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C4152B0B-1B9B-51E7-068A-800FCE6D792D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CWA Reminder by We-Care.com v4.1.22.3 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome_is1) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version:  - Microsoft Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07AF4D0C-842E-4462-9001-7A1B04D2FC7E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {080688EF-C83B-43A7-8464-9CE978336C5A} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {0C1A956B-64CB-4E24-8B6B-A45710B4BE74} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {11313118-646B-4707-8665-DD28ADEC09ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {262AF14C-F11C-4098-A427-2286A52F48CB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {269D2528-9B11-4233-B093-6C0F2F817E8C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {3B6EA84C-7722-41BD-80B5-D6AFCF2B7D76} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {3BE46402-ACD9-4184-9F4C-4DF31AD12D6D} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
Task: {4C1BAA9F-D246-4C15-831D-30E6FD9FC222} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {4E5D0CA4-4BC9-4706-AC1F-0A63DA38E4DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51DEA08D-E6B3-44BF-BB2A-346C85070AF2} - System32\Tasks\RNUpgradeHelperLogonPrompt_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {5B112812-BDCF-4F6B-93C0-E461D0CF9899} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-18] (Microsoft Corporation)
Task: {613C8501-AE8A-4ACC-B19B-75B7A9C5681F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {623C68ED-3DBC-4374-B863-A9B8735085D1} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {62B0BB6D-F8A9-420C-8DE1-FE6CB9B1E4B8} - System32\Tasks\ReclaimerUpdateXML_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {6420830C-6EDB-49B4-AC2C-88813C4F1D3F} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} - System32\Tasks\avaxvavya => C:\Users\rachel\AppData\Local\avaxvavya\avaxvavya.exe <==== ATTENTION
Task: {6AEF86F1-6ADB-4F3F-AE6A-4EBA6A51638C} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {6ED9E5A5-74EC-40CA-B689-96408E9E0E38} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {762B9C17-E704-43C1-ABDB-96E199CB59FF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {80882261-0711-4CFF-A3F7-9A1F90C39442} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {91C02209-6572-4510-9277-24C3B8C9CDD3} - System32\Tasks\RNUpgradeHelperResumePrompt_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {A4B586A5-0EB9-46AD-8B57-5A26585F0040} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B73F8521-7ED9-4946-8B87-644068CC264D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WSearchProtect.exe <==== ATTENTION
Task: {BBD69363-BBAD-49B4-AF8D-A9FDC45CB472} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {BD02BBC7-0CCD-43C7-B5A9-121B40CED1C8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {C26114AD-EBAC-4AEE-BE1C-9A65303EC027} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C2F704A9-DE66-4A48-89D1-A6DF006D886F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CF4B52B9-626F-4D99-ADDC-D33596A812A9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {D4FC49CB-4107-454B-A4A7-28EFA3B41B27} - System32\Tasks\ReclaimerUpdateFiles_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {D7E0E658-C953-4CA7-A84C-EC139B1B4A9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D9378434-CC7F-47DB-A36A-DB45B0546BC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {DADF5695-5141-4220-A062-2DD8FA575B9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\rachel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\rachel\AppData\Local\Google\Chrome\Application\46.10.2479.1\chromer.exe (Google Inc.) ->  --load-extension="C:\ProgramData\Google\Extensions\ytd"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\ProgramData\Google\Extensions\ytd"

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2016-05-28 18:53 - 2016-05-28 18:53 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\e2e1cd64b91b7395a96ebcde35a63a1c\Windows.Foundation.ni.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-23 19:36 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-23 19:36 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-23 19:36 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-23 19:36 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-23 19:36 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 40506936 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libcef.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 01365560 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libglesv2.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 00219192 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libegl.dll
2015-03-13 22:05 - 2015-03-13 22:05 - 09305656 _____ () C:\Users\rachel\AppData\Roaming\Spotify\pdf.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 00990776 _____ () C:\Users\rachel\AppData\Roaming\Spotify\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-04-13 20:28 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rachel\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\554887_457385930981499_2040076795_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ospd_us_776"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D2C40D68-F68D-4ECC-A923-C271ECD200C1}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8DB63697-08E4-4DE3-894C-0F07AB8C3068}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2145F8B0-2A02-490D-BC92-1F7BD106C38E}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6E988563-22C5-4B38-89FE-EA4B9627D95F}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{12A7EF17-52B1-4433-9630-C893082DE7C2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A9A27953-B202-4CCD-B7BC-292728E750DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2FF66B84-6547-49C8-9E92-DC828A46ED79}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9DC3B069-7F92-45A0-8517-B77899A24E04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3156856-78D4-40FC-97DE-CBEBD7FC0873}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{140B793F-745E-44FF-99AD-66083BC3523A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{E33E9995-A249-4FBD-9571-E8C1F38E937C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8319C30-1C3E-4819-A766-D17734591B32}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{58617B2A-F7C1-4854-A76B-0966CAED7EB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{630E2636-A7EF-47D7-8D40-D71257F67E1D}] => (Allow) C:\Users\rachel\AppData\Roaming\OAS\oas.exe
FirewallRules: [{D6DA8686-E0EA-44C3-99B1-C9CDE232B548}] => (Allow) C:\Program Files (x86)\Windows FontCache\R1\WmiPrvSD.exe
FirewallRules: [{D1F824F7-2C9D-4FB8-8115-158167A0AA3C}] => (Allow) C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe
FirewallRules: [{DDBB3239-9E26-44D3-A50D-73B4B60101E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03F05B06-F241-4822-A92C-BBF4EC44A820}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6F05DA5-0A82-40B1-B050-0EE4EFA6CDB5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF6099CB-F5E7-479D-9460-942362DE99A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

26-05-2016 07:48:43 Scheduled Checkpoint
04-06-2016 14:20:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2016 06:00:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2354375

Error: (06/14/2016 06:00:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2354375

Error: (06/14/2016 06:00:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2016 11:51:36 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (06/14/2016 11:50:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RACHELSPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2016 11:50:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: da0

Start Time: 01d1c6546e02abe3

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: b5d83548-3247-11e6-bf37-008cfa220215

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.WindowsLive.Mail

Error: (06/14/2016 11:50:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: RACHELSPC)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.

Error: (06/14/2016 11:50:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RACHELSPC)
Description: Package microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+ppleae38af2e007f4358a809ac99a64a67c1 was terminated because it took too long to suspend.

Error: (06/14/2016 11:50:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RACHELSPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2016 11:50:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: RACHELSPC)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.

System errors:
=============
Error: (06/14/2016 11:49:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperOptimizer Stats service to connect.

Error: (06/14/2016 11:49:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:17:56 PM on ‎6/‎12/‎2016 was unexpected.

Error: (06/11/2016 01:10:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error:
An instance of the service is already running.

Error: (06/11/2016 01:09:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connection Broker service, but this action failed with the following error:
An instance of the service is already running.

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connection Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3678.26 MB
Available physical RAM: 2161.18 MB
Total Virtual: 5470.26 MB
Available Virtual: 3441.75 MB

==================== Drives ================================

Drive c: (TI10653500D) (Fixed) (Total:455.08 GB) (Free:404.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

I am trying to help a friend with an older computer. Most of the problems seem to be constantly being redirected to ads. The other thing I noticed is that it seems to be mostly when using the Chrome web browser.
 
 

Ran by rachel (administrator) on RACHELSPC (14-06-2016 18:34:23)
Running from C:\Users\rachel\Downloads
Loaded Profiles: rachel (Available Profiles: rachel & Administrator & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Spotify Ltd) C:\Users\rachel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(© 2015 Microsoft Corporation) C:\Users\rachel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Spotify Ltd) C:\Users\rachel\AppData\Roaming\Spotify\Spotify.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Spotify Ltd) C:\Users\rachel\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(@Microsoft Corporation) C:\Program Files (x86)\Windows Network Services\v8\winnetwork.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Spotify Ltd) C:\Users\rachel\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Spotify Ltd) C:\Users\rachel\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_776] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [Spotify Web Helper] => C:\Users\rachel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [BingSvc] => C:\Users\rachel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-31] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Run: [Spotify] => C:\Users\rachel\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\MountPoints2: {9b35c7d6-c572-11e5-bf1d-008cfa220215} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DE1958E0-EB87-42BC-9680-DB29BEF8D859}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5J&ocid=SL5JDHP&osmkt=en-us
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> {23ACBB71-0018-4987-A555-9D5CB1EDF0DA} URL =
SearchScopes: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {9c480543-3190-4476-90b6-97b4a2f6be66} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-12-20] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-12-20] (Google Inc.)
Toolbar: HKLM - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-12-20] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} -  No File
Toolbar: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-12-20] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
FireFox:
========
FF ProfilePath: C:\Users\rachel\AppData\Roaming\Mozilla\Firefox\Profiles\8a3gsxba.default
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=SL5J&ocid=SL5JDHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5JDF&PC=SL5J&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-09-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-09-30] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\rachel\AppData\Roaming\Mozilla\Firefox\Profiles\8a3gsxba.default\searchplugins\bing-.xml [2015-12-31]
FF Extension: ArcadeParlor - C:\Users\rachel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-09-30] [not signed]
FF Extension: Bing Search - C:\Users\rachel\AppData\Roaming\Mozilla\Firefox\Profiles\8a3gsxba.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-31]
FF Extension: Toshiba Defaults - C:\Users\rachel\AppData\Roaming\Mozilla\Firefox\Profiles\8a3gsxba.default\Extensions\defaults@toshiba.com [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Firefox\Extensions: [{AAB8C196-B829-7008-9494-5F4DDFEC16B7}] - C:\Program Files (x86)\ver3BlockAndSurf\187.xpi => not found
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bing) - C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-06-14]
CHR Extension: (RealDownloader) - C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-14]
CHR Extension: (__MSG_extName__) - C:\ProgramData\Google\Extensions\ytd [2016-06-04]
CHR HKU\S-1-5-21-3828471679-650921150-1557953286-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 FontCache_R1; C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe [3751000 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WindowsNTS_R10; C:\Program Files (x86)\Windows Network Services\v8\winnetwork.exe [3400192 2015-10-06] (@Microsoft Corporation) [File not signed]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 18:34 - 2016-06-14 18:35 - 00020248 _____ C:\Users\rachel\Downloads\FRST.txt
2016-06-14 18:34 - 2016-06-14 18:34 - 02385920 _____ (Farbar) C:\Users\rachel\Downloads\FRST64.exe
2016-06-14 18:34 - 2016-06-14 18:34 - 00000000 ____D C:\FRST
2016-06-14 18:33 - 2016-06-14 18:33 - 01736192 _____ (Farbar) C:\Users\rachel\Downloads\FRST (1).exe
2016-06-14 18:19 - 2016-06-14 18:21 - 01736192 _____ (Farbar) C:\Users\rachel\Downloads\FRST.exe
2016-06-14 18:01 - 2016-06-14 18:01 - 00003618 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperResumePrompt_rachel
2016-06-14 18:01 - 2016-06-14 18:01 - 00003500 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateFiles_rachel
2016-06-14 18:01 - 2016-06-14 18:01 - 00003494 _____ C:\WINDOWS\System32\Tasks\ReclaimerUpdateXML_rachel
2016-06-14 18:01 - 2016-06-14 18:01 - 00003208 _____ C:\WINDOWS\System32\Tasks\RNUpgradeHelperLogonPrompt_rachel
2016-06-14 11:53 - 2016-06-14 11:53 - 00003312 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001
2016-06-14 11:51 - 2016-06-14 11:51 - 00003366 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001
2016-06-06 11:33 - 2016-06-14 12:04 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-06-06 11:32 - 2016-06-14 12:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-06 11:32 - 2016-06-06 11:32 - 00001997 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-06 11:32 - 2016-06-06 11:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-26 14:06 - 2016-05-26 14:06 - 00987728 _____ (Google Inc.) C:\Users\rachel\Downloads\ChromeSetup (1).exe
2016-05-19 19:59 - 2016-05-11 16:08 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-19 19:59 - 2016-05-11 16:08 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-19 11:17 - 2016-05-19 11:17 - 00116529 _____ C:\Users\rachel\Downloads\Untitleddocument(1).pdf
2016-05-19 11:15 - 2016-05-19 11:15 - 00116530 _____ C:\Users\rachel\Downloads\Untitleddocument (1).pdf
2016-05-19 11:14 - 2016-05-19 11:14 - 00116529 _____ C:\Users\rachel\Downloads\Untitleddocument.pdf
2016-05-19 08:21 - 2016-06-04 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-15 16:12 - 2016-03-10 13:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-15 16:12 - 2016-03-10 12:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-15 16:12 - 2016-03-05 13:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-15 16:12 - 2016-03-05 13:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-15 16:12 - 2016-02-27 14:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-15 16:12 - 2016-02-27 13:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-15 16:12 - 2016-02-27 13:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-15 16:12 - 2016-02-27 12:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-15 16:11 - 2016-03-15 21:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-15 16:11 - 2016-03-15 21:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-15 16:11 - 2016-03-14 12:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-15 16:11 - 2016-03-11 20:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-15 16:11 - 2016-03-11 20:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-15 16:11 - 2016-03-11 20:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-15 16:11 - 2016-03-10 12:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-15 16:11 - 2016-03-10 12:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-15 16:11 - 2016-03-10 12:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-15 13:24 - 2016-04-22 16:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-15 13:24 - 2016-04-22 16:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-15 13:24 - 2016-04-22 15:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-15 13:24 - 2016-03-31 02:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-15 13:24 - 2016-03-30 23:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-15 13:23 - 2016-04-22 16:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-15 13:23 - 2016-04-22 16:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-15 13:23 - 2016-04-22 16:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-15 13:23 - 2016-04-22 16:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-15 13:23 - 2016-04-22 15:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-15 13:23 - 2016-04-22 15:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-15 13:23 - 2016-04-22 15:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-15 13:23 - 2016-04-22 15:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-15 13:23 - 2016-04-22 15:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-15 13:23 - 2016-04-22 15:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-15 13:23 - 2016-04-22 15:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-15 13:23 - 2016-04-22 15:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-15 13:23 - 2016-04-22 15:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-15 13:23 - 2016-04-22 14:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-15 13:23 - 2016-04-22 14:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-15 13:23 - 2016-04-22 14:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-15 13:23 - 2016-04-22 14:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-15 13:23 - 2016-04-22 14:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-15 13:23 - 2016-04-22 14:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-15 13:23 - 2016-04-22 14:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-15 13:23 - 2016-04-22 14:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-15 13:23 - 2016-04-22 14:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-15 13:23 - 2016-04-22 14:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-15 13:23 - 2016-04-22 14:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-15 13:23 - 2016-04-22 14:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-15 13:23 - 2016-04-22 14:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-15 13:23 - 2016-04-10 00:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-15 13:23 - 2016-04-10 00:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-15 13:23 - 2016-04-09 17:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-15 13:23 - 2016-04-09 17:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-15 13:23 - 2016-04-06 17:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-15 13:23 - 2016-04-06 17:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-15 13:23 - 2016-04-06 14:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-15 13:23 - 2016-04-06 14:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-15 13:23 - 2016-04-06 14:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-15 13:23 - 2016-04-06 13:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-15 13:23 - 2016-04-06 13:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-15 13:23 - 2016-04-06 12:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-15 13:23 - 2016-04-06 12:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-15 13:23 - 2016-04-06 12:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-15 13:23 - 2016-04-06 11:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-15 13:23 - 2016-03-28 21:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-15 13:22 - 2016-04-10 03:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-15 13:22 - 2016-04-10 03:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-15 13:22 - 2016-04-10 00:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-15 13:22 - 2016-04-09 19:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-15 13:22 - 2016-04-09 18:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-15 13:21 - 2016-04-10 01:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-15 13:20 - 2016-04-11 02:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 18:06 - 2013-09-30 16:35 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 18:01 - 2015-03-01 19:59 - 00000000 ____D C:\Users\rachel\AppData\Roaming\Skype
2016-06-14 18:01 - 2013-09-11 19:04 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A325AC5E-F12E-4C47-A6C6-D58E2EA84225}
2016-06-14 15:06 - 2013-09-30 16:34 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 14:54 - 2016-02-28 21:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 12:08 - 2013-08-01 00:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3828471679-650921150-1557953286-1001
2016-06-14 11:57 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-14 11:57 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-14 11:55 - 2014-01-13 19:48 - 00000000 ____D C:\Users\rachel\AppData\Roaming\Spotify
2016-06-14 11:52 - 2014-12-28 20:03 - 00000000 ___DO C:\Users\rachel\OneDrive
2016-06-14 11:50 - 2014-01-13 19:48 - 00000000 ____D C:\Users\rachel\AppData\Local\Spotify
2016-06-14 11:49 - 2014-12-28 18:34 - 00000000 ____D C:\Users\rachel
2016-06-14 11:49 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 13:06 - 2016-03-06 10:33 - 00003290 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001
2016-06-11 13:06 - 2016-03-06 10:32 - 00003344 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001
2016-06-08 07:52 - 2013-09-07 12:02 - 00000000 ____D C:\Users\rachel\AppData\Local\Adobe
2016-06-06 11:32 - 2012-09-07 00:48 - 00000000 ____D C:\ProgramData\Adobe
2016-06-04 13:35 - 2015-09-13 15:08 - 00002485 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-04 13:35 - 2012-09-07 01:13 - 00000000 ____D C:\ProgramData\Google
2016-06-04 12:48 - 2015-12-31 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-04 12:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Registration
2016-06-04 00:25 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-04 00:25 - 2014-12-28 18:34 - 00038103 _____ C:\WINDOWS\diagwrn.xml
2016-06-04 00:25 - 2014-12-28 18:34 - 00038103 _____ C:\WINDOWS\diagerr.xml
2016-06-04 00:24 - 2014-12-28 21:17 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-03 22:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-01 21:05 - 2013-08-08 11:50 - 00000000 ____D C:\Users\rachel\AppData\Local\CrashDumps
2016-05-30 10:08 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-26 09:06 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-26 09:04 - 2015-04-04 09:14 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-26 09:04 - 2015-04-04 09:14 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-26 08:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-25 15:44 - 2016-04-17 11:41 - 00000000 ____D C:\Users\rachel\Desktop\my resume
2016-05-19 19:57 - 2013-08-22 10:44 - 00337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-19 19:54 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-05-19 19:52 - 2015-01-08 23:25 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-19 19:51 - 2014-09-24 02:53 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-19 07:52 - 2013-08-15 21:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-18 20:41 - 2013-08-08 13:25 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-15 13:54 - 2016-02-28 21:29 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-15 13:21 - 2016-04-17 21:13 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-15 13:21 - 2016-04-17 21:13 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-15 13:21 - 2016-04-17 21:13 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-15 13:21 - 2016-04-17 21:13 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-15 13:21 - 2016-04-17 21:13 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-15 13:21 - 2016-04-17 21:13 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-15 13:21 - 2016-04-17 21:13 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
==================== Files in the root of some directories =======
2015-02-23 19:13 - 2015-05-17 11:47 - 0000020 _____ () C:\Users\rachel\AppData\Roaming\appdataFr3.bin
2013-12-18 23:09 - 2015-02-26 19:39 - 0000192 _____ () C:\Users\rachel\AppData\Roaming\WB.CFG
2015-02-23 19:38 - 2015-02-23 19:38 - 0000010 _____ () C:\Users\rachel\AppData\Local\DSI.DAT
2015-02-03 19:46 - 2015-02-03 19:46 - 0613057 _____ (CMI Limited) C:\Users\rachel\AppData\Local\nsj47C1.tmp
Some files in TEMP:
====================
C:\Users\rachel\AppData\Local\Temp\BingSvc.exe
C:\Users\rachel\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\rachel\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\rachel\AppData\Local\Temp\DefaultPack.EXE
C:\Users\rachel\AppData\Local\Temp\lowproc.exe
C:\Users\rachel\AppData\Local\Temp\Quarantine.exe
C:\Users\rachel\AppData\Local\Temp\rnsetup0.exe
C:\Users\rachel\AppData\Local\Temp\rnsetup1.exe
C:\Users\rachel\AppData\Local\Temp\rnsetup2.exe
C:\Users\rachel\AppData\Local\Temp\rnsetup3.exe
C:\Users\rachel\AppData\Local\Temp\rnsetup4.exe
C:\Users\rachel\AppData\Local\Temp\sqlite3.dll
C:\Users\rachel\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-14 12:08
==================== End of FRST.txt ============================
 

Ran by rachel (2016-06-14 18:36:11)
Running from C:\Users\rachel\Downloads
Windows 8.1 (Update) (X64) (2014-12-28 23:57:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3828471679-650921150-1557953286-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3828471679-650921150-1557953286-501 - Limited - Enabled) => C:\Users\Guest
rachel (S-1-5-21-3828471679-650921150-1557953286-1001 - Administrator - Enabled) => C:\Users\rachel
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C4152B0B-1B9B-51E7-068A-800FCE6D792D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CWA Reminder by We-Care.com v4.1.22.3 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome_is1) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version:  - Microsoft Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07AF4D0C-842E-4462-9001-7A1B04D2FC7E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {080688EF-C83B-43A7-8464-9CE978336C5A} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {0C1A956B-64CB-4E24-8B6B-A45710B4BE74} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {11313118-646B-4707-8665-DD28ADEC09ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {262AF14C-F11C-4098-A427-2286A52F48CB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {269D2528-9B11-4233-B093-6C0F2F817E8C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {3B6EA84C-7722-41BD-80B5-D6AFCF2B7D76} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {3BE46402-ACD9-4184-9F4C-4DF31AD12D6D} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
Task: {4C1BAA9F-D246-4C15-831D-30E6FD9FC222} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {4E5D0CA4-4BC9-4706-AC1F-0A63DA38E4DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51DEA08D-E6B3-44BF-BB2A-346C85070AF2} - System32\Tasks\RNUpgradeHelperLogonPrompt_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {5B112812-BDCF-4F6B-93C0-E461D0CF9899} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-18] (Microsoft Corporation)
Task: {613C8501-AE8A-4ACC-B19B-75B7A9C5681F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {623C68ED-3DBC-4374-B863-A9B8735085D1} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {62B0BB6D-F8A9-420C-8DE1-FE6CB9B1E4B8} - System32\Tasks\ReclaimerUpdateXML_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {6420830C-6EDB-49B4-AC2C-88813C4F1D3F} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} - System32\Tasks\avaxvavya => C:\Users\rachel\AppData\Local\avaxvavya\avaxvavya.exe <==== ATTENTION
Task: {6AEF86F1-6ADB-4F3F-AE6A-4EBA6A51638C} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {6ED9E5A5-74EC-40CA-B689-96408E9E0E38} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {762B9C17-E704-43C1-ABDB-96E199CB59FF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {80882261-0711-4CFF-A3F7-9A1F90C39442} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {91C02209-6572-4510-9277-24C3B8C9CDD3} - System32\Tasks\RNUpgradeHelperResumePrompt_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {A4B586A5-0EB9-46AD-8B57-5A26585F0040} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B73F8521-7ED9-4946-8B87-644068CC264D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WSearchProtect.exe <==== ATTENTION
Task: {BBD69363-BBAD-49B4-AF8D-A9FDC45CB472} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {BD02BBC7-0CCD-43C7-B5A9-121B40CED1C8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {C26114AD-EBAC-4AEE-BE1C-9A65303EC027} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C2F704A9-DE66-4A48-89D1-A6DF006D886F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CF4B52B9-626F-4D99-ADDC-D33596A812A9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {D4FC49CB-4107-454B-A4A7-28EFA3B41B27} - System32\Tasks\ReclaimerUpdateFiles_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {D7E0E658-C953-4CA7-A84C-EC139B1B4A9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D9378434-CC7F-47DB-A36A-DB45B0546BC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {DADF5695-5141-4220-A062-2DD8FA575B9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\rachel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\rachel\AppData\Local\Google\Chrome\Application\46.10.2479.1\chromer.exe (Google Inc.) ->  --load-extension="C:\ProgramData\Google\Extensions\ytd"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\ProgramData\Google\Extensions\ytd"
==================== Loaded Modules (Whitelisted) ==============
2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2016-05-28 18:53 - 2016-05-28 18:53 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\e2e1cd64b91b7395a96ebcde35a63a1c\Windows.Foundation.ni.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-23 19:36 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-23 19:36 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-23 19:36 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-23 19:36 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-23 19:36 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 40506936 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libcef.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 01365560 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libglesv2.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 00219192 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libegl.dll
2015-03-13 22:05 - 2015-03-13 22:05 - 09305656 _____ () C:\Users\rachel\AppData\Roaming\Spotify\pdf.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 00990776 _____ () C:\Users\rachel\AppData\Roaming\Spotify\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [147]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2016-04-13 20:28 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rachel\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\554887_457385930981499_2040076795_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "ospd_us_776"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D2C40D68-F68D-4ECC-A923-C271ECD200C1}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8DB63697-08E4-4DE3-894C-0F07AB8C3068}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2145F8B0-2A02-490D-BC92-1F7BD106C38E}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6E988563-22C5-4B38-89FE-EA4B9627D95F}C:\users\rachel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rachel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{12A7EF17-52B1-4433-9630-C893082DE7C2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A9A27953-B202-4CCD-B7BC-292728E750DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2FF66B84-6547-49C8-9E92-DC828A46ED79}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9DC3B069-7F92-45A0-8517-B77899A24E04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3156856-78D4-40FC-97DE-CBEBD7FC0873}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{140B793F-745E-44FF-99AD-66083BC3523A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{E33E9995-A249-4FBD-9571-E8C1F38E937C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8319C30-1C3E-4819-A766-D17734591B32}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{58617B2A-F7C1-4854-A76B-0966CAED7EB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{630E2636-A7EF-47D7-8D40-D71257F67E1D}] => (Allow) C:\Users\rachel\AppData\Roaming\OAS\oas.exe
FirewallRules: [{D6DA8686-E0EA-44C3-99B1-C9CDE232B548}] => (Allow) C:\Program Files (x86)\Windows FontCache\R1\WmiPrvSD.exe
FirewallRules: [{D1F824F7-2C9D-4FB8-8115-158167A0AA3C}] => (Allow) C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe
FirewallRules: [{DDBB3239-9E26-44D3-A50D-73B4B60101E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03F05B06-F241-4822-A92C-BBF4EC44A820}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6F05DA5-0A82-40B1-B050-0EE4EFA6CDB5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF6099CB-F5E7-479D-9460-942362DE99A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
26-05-2016 07:48:43 Scheduled Checkpoint
04-06-2016 14:20:44 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/14/2016 06:00:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2354375
Error: (06/14/2016 06:00:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2354375
Error: (06/14/2016 06:00:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/14/2016 11:51:36 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (06/14/2016 11:50:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RACHELSPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/14/2016 11:50:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: da0
Start Time: 01d1c6546e02abe3
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\wwahost.exe
Report Id: b5d83548-3247-11e6-bf37-008cfa220215
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
Error: (06/14/2016 11:50:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: RACHELSPC)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.
Error: (06/14/2016 11:50:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RACHELSPC)
Description: Package microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+ppleae38af2e007f4358a809ac99a64a67c1 was terminated because it took too long to suspend.
Error: (06/14/2016 11:50:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RACHELSPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/14/2016 11:50:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: RACHELSPC)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.

System errors:
=============
Error: (06/14/2016 11:49:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperOptimizer Stats service to connect.
Error: (06/14/2016 11:49:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:17:56 PM on ‎6/‎12/‎2016 was unexpected.
Error: (06/11/2016 01:10:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error:
An instance of the service is already running.

Error: (06/11/2016 01:09:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connection Broker service, but this action failed with the following error:
An instance of the service is already running.

Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (06/11/2016 01:09:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connection Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

==================== Memory info ===========================
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3678.26 MB
Available physical RAM: 2161.18 MB
Total Virtual: 5470.26 MB
Available Virtual: 3441.75 MB
==================== Drives ================================
Drive c: (TI10653500D) (Fixed) (Total:455.08 GB) (Free:404.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================





#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:08:50 AM

Posted 14 June 2016 - 07:46 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

Your logs show you have no anti-virus program installed on the machine. We will need to install one once the machine is clean to help prevent future infections. Having an anti-virus installed on the machine is crucial to protecting your computer.

Please let me know how the machine is running after following these steps. :thumbup2:


Step 1: Remove Spybot Search and Destroy

I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program.

If you don't want to uninstall the program then you must at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done.

Instructions for that are here.

If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.


Step 2: Chrome Reinstallation

Unfortunately, the malware infection has changed your Chrome browser into the Development Build. This greatly lowers the security of the browser and allows malware to install any extension it pleases. We need to resolve this immediately.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome via the Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


Step 3: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\rachel\Downloads to the Desktop or the fix will not work. All tools must be run from the Desktop.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
Task: {07AF4D0C-842E-4462-9001-7A1B04D2FC7E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {080688EF-C83B-43A7-8464-9CE978336C5A} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
C:\Program Files (x86)\Portable WeatherApp
Task: {3BE46402-ACD9-4184-9F4C-4DF31AD12D6D} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
C:\Program Files (x86)\HomeTab
Task: {66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} - System32\Tasks\avaxvavya => C:\Users\rachel\AppData\Local\avaxvavya\avaxvavya.exe <==== ATTENTION
C:\Users\rachel\AppData\Local\avaxvavya
Task: {B73F8521-7ED9-4946-8B87-644068CC264D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WSearchProtect.exe <==== ATTENTION
Task: {BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [147]
HKLM-x32\...\Run: [ospd_us_776] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\MountPoints2: {9b35c7d6-c572-11e5-bf1d-008cfa220215} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> {23ACBB71-0018-4987-A555-9D5CB1EDF0DA} URL =
BHO: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {9c480543-3190-4476-90b6-97b4a2f6be66} -> No File
Toolbar: HKLM - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
Toolbar: HKLM-x32 - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
FF HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Firefox\Extensions: [{AAB8C196-B829-7008-9494-5F4DDFEC16B7}] - C:\Program Files (x86)\ver3BlockAndSurf\187.xpi => not found
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 4: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 5: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner.


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

An update on how the machine is running.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 Flyingsushi

Flyingsushi
  • Topic Starter

  • Members
  • 90 posts
  • Local time:09:50 AM

Posted 15 June 2016 - 08:28 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 x64
Ran by rachel (Administrator) on Tue 06/14/2016 at 22:03:23.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 15

Successfully deleted: C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieadcoanfjloocmfafkebdnfefmohngj_0.localstorage (File)
Successfully deleted: C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage (File)
Successfully deleted: C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage (File)
Successfully deleted: C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage (File)
Successfully deleted: C:\Users\rachel\AppData\Roaming\tuneup computer (Folder)
Successfully deleted: C:\WINDOWS\launcher.exe (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\AI_Updater (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\IEError (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Users\rachel\AppData\Local\nsj47C1.tmp (File)
Successfully deleted: C:\Users\rachel\AppData\Roaming\appdataFr3.bin (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-0E55DEFA.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_F3B2E431-91187305.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf (File)

 

Registry: 7

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23ACBB71-0018-4987-A555-9D5CB1EDF0DA} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8113db48-904f-4584-b70d-29f707690b6a} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c480543-3190-4476-90b6-97b4a2f6be66} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8113db48-904f-4584-b70d-29f707690b6a} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c480543-3190-4476-90b6-97b4a2f6be66} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{56e32636-e2b8-4b04-9a97-60581dd90f51} (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/14/2016 at 22:07:03.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 Flyingsushi

Flyingsushi
  • Topic Starter

  • Members
  • 90 posts
  • Local time:09:50 AM

Posted 15 June 2016 - 08:30 PM

Start
CreateRestorePoint:
CloseProcesses:
Task: {07AF4D0C-842E-4462-9001-7A1B04D2FC7E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {080688EF-C83B-43A7-8464-9CE978336C5A} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
C:\Program Files (x86)\Portable WeatherApp
Task: {3BE46402-ACD9-4184-9F4C-4DF31AD12D6D} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
C:\Program Files (x86)\HomeTab
Task: {66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} - System32\Tasks\avaxvavya => C:\Users\rachel\AppData\Local\avaxvavya\avaxvavya.exe <==== ATTENTION
C:\Users\rachel\AppData\Local\avaxvavya
Task: {B73F8521-7ED9-4946-8B87-644068CC264D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WSearchProtect.exe <==== ATTENTION
Task: {BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [147]
HKLM-x32\...\Run: [ospd_us_776] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\MountPoints2: {9b35c7d6-c572-11e5-bf1d-008cfa220215} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> {23ACBB71-0018-4987-A555-9D5CB1EDF0DA} URL =
BHO: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {9c480543-3190-4476-90b6-97b4a2f6be66} -> No File
Toolbar: HKLM - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
Toolbar: HKLM-x32 - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
FF HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Firefox\Extensions: [{AAB8C196-B829-7008-9494-5F4DDFEC16B7}] - C:\Program Files (x86)\ver3BlockAndSurf\187.xpi => not found
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End



#5 Flyingsushi

Flyingsushi
  • Topic Starter

  • Members
  • 90 posts
  • Local time:09:50 AM

Posted 15 June 2016 - 08:33 PM

# AdwCleaner v5.200 - Logfile created 14/06/2016 at 22:38:02

 

# Updated 14/06/2016 by ToolsLib

 

# Database : 2016-06-14.1 [Server]

 

# Operating system : Windows 8.1  (X64)

 

# Username : rachel - RACHELSPC

 

# Running from : C:\Users\rachel\Downloads\AdwCleaner (4).exe

 

# Option : Scan

 

# Support : https://toolslib.net/forum

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion

 

Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion

 

Folder Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd

 

 

***** [ Files ] *****

 

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocifcogajbgikalbpphmoedjlcfjkhgh

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_best.utop.it_0.localstorage

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_best.utop.it_0.localstorage-journal

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_best.utop.it_0.localstorage

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_best.utop.it_0.localstorage-journal

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage

 

File Found : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal

 

 

***** [ DLL ] *****

 

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled tasks ] *****

 

 

Task Found : Browser Updater\Browser Updater

 

 

***** [ Registry ] *****

 

 

Key Found : HKLM\SOFTWARE\Classes\AppID\wdapimng.exe

 

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater

 

Key Found : HKLM\SOFTWARE\231e7b55-c796-7e83-bf88-9f55b9ce4f05

 

Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

 

Key Found : HKCU\Software\Classes\PepperZip

 

Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector

 

Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1

 

Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

 

Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

 

Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler

 

Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1

 

Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample

 

Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1

 

Key Found : HKLM\SOFTWARE\Classes\WAPIBroker.APIBroker

 

Key Found : HKLM\SOFTWARE\Classes\WAPIBroker.APIBroker.1

 

Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar

 

Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1

 

Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Classes\PepperZip

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{8F0B965A-009F-4046-8596-1B104841FD88}

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}

 

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Corez
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\APN PIP
Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Corez
Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
Key Found : HKU\S-1-5-18\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
Data Found : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI [] - hxxp://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=7.3&ts=1423006336452&tguid=85023-29472-1423006336452-793C0DA2721019256B8A104298DBF907&q=%s
Data Found : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [] - hxxp://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=7.3&ts=1423006336452&tguid=85023-29472-1423006336452-793C0DA2721019256B8A104298DBF907&q=%s
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon]
Value Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SmartWeb]
Value Found : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Super Optimizer]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [WinCheck]

***** [ Web browsers ] *****

[C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : homepage-web.com
[C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcfenmboojpjinhpgggodefccipikbpd

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [17203 bytes] - [01/03/2015 21:38:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [17179 bytes] - [01/03/2015 21:43:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [10728 bytes] - [14/06/2016 22:14:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [10632 bytes] - [14/06/2016 22:38:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10706 bytes] ##########



#6 Flyingsushi

  • Topic Starter
Posted 15 June 2016 - 08:48 PM

The computer seems to be functioning better.  



#7 pystryker

  • Malware Response Team

Posted 15 June 2016 - 09:28 PM

Hello :)
 

"The computer seems to be functioning better."

That's good news. :)

The FRST fix will need to be run again, as it looks as though you only posted the fixlist. Also, we'll need to run AdwCleaner again and remove the found items.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
Task: {07AF4D0C-842E-4462-9001-7A1B04D2FC7E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {080688EF-C83B-43A7-8464-9CE978336C5A} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
C:\Program Files (x86)\Portable WeatherApp
Task: {3BE46402-ACD9-4184-9F4C-4DF31AD12D6D} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
C:\Program Files (x86)\HomeTab
Task: {66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} - System32\Tasks\avaxvavya => C:\Users\rachel\AppData\Local\avaxvavya\avaxvavya.exe <==== ATTENTION
C:\Users\rachel\AppData\Local\avaxvavya
Task: {B73F8521-7ED9-4946-8B87-644068CC264D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WSearchProtect.exe <==== ATTENTION
Task: {BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [147]
HKLM-x32\...\Run: [ospd_us_776] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\MountPoints2: {9b35c7d6-c572-11e5-bf1d-008cfa220215} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> {23ACBB71-0018-4987-A555-9D5CB1EDF0DA} URL =
BHO: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {9c480543-3190-4476-90b6-97b4a2f6be66} -> No File
Toolbar: HKLM - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
Toolbar: HKLM-x32 - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
FF HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Firefox\Extensions: [{AAB8C196-B829-7008-9494-5F4DDFEC16B7}] - C:\Program Files (x86)\ver3BlockAndSurf\187.xpi => not found
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Rerun AdwCleaner

  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.
  • Fixlog.txt Log
  • AdwCleaner Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#8 pystryker

  • Malware Response Team

Posted 18 June 2016 - 06:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






#9 pystryker

  • Malware Response Team

Posted 21 June 2016 - 05:34 PM

User returned.






#10 Flyingsushi

  • Topic Starter

Posted 21 June 2016 - 06:42 PM

# AdwCleaner v5.200 - Logfile created 21/06/2016 at 17:35:21
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-21.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : rachel - RACHELSPC
# Running from : C:\Users\rachel\Downloads\AdwCleaner (5).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage
[-] File Deleted : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage-journal
[-] File Deleted : C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocifcogajbgikalbpphmoedjlcfjkhgh
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\wdapimng.exe
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater
[-] Key Deleted : HKLM\SOFTWARE\231e7b55-c796-7e83-bf88-9f55b9ce4f05
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKCU\Software\Classes\PepperZip
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WAPIBroker.APIBroker
[-] Key Deleted : HKLM\SOFTWARE\Classes\WAPIBroker.APIBroker.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Corez
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key Deleted : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Data Restored : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI []
[-] Data Restored : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon]
[-] Value Deleted : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SmartWeb]
[-] Value Deleted : HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Super Optimizer]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [WinCheck]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\rachel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [8269 bytes] - [21/06/2016 17:35:21]
C:\AdwCleaner\AdwCleaner[R0].txt - [17203 bytes] - [01/03/2015 21:38:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [17179 bytes] - [01/03/2015 21:43:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [10728 bytes] - [14/06/2016 22:14:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [10802 bytes] - [14/06/2016 22:38:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [9455 bytes] - [21/06/2016 17:07:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8711 bytes] ##########


#11 Flyingsushi

  • Topic Starter

Posted 21 June 2016 - 06:43 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by rachel (2016-06-21 16:06:56) Run:1
Running from C:\Users\rachel\Desktop
Loaded Profiles: rachel (Available Profiles: rachel & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {07AF4D0C-842E-4462-9001-7A1B04D2FC7E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {080688EF-C83B-43A7-8464-9CE978336C5A} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
C:\Program Files (x86)\Portable WeatherApp
Task: {3BE46402-ACD9-4184-9F4C-4DF31AD12D6D} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerHandler.exe <==== ATTENTION
C:\Program Files (x86)\HomeTab
Task: {66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} - System32\Tasks\avaxvavya => C:\Users\rachel\AppData\Local\avaxvavya\avaxvavya.exe <==== ATTENTION
C:\Users\rachel\AppData\Local\avaxvavya
Task: {B73F8521-7ED9-4946-8B87-644068CC264D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WSearchProtect.exe <==== ATTENTION
Task: {BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [147]
HKLM-x32\...\Run: [ospd_us_776] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\MountPoints2: {9b35c7d6-c572-11e5-bf1d-008cfa220215} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-3828471679-650921150-1557953286-1001 -> {23ACBB71-0018-4987-A555-9D5CB1EDF0DA} URL =
BHO: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {8113db48-904f-4584-b70d-29f707690b6a} -> No File
BHO-x32: No Name -> {9c480543-3190-4476-90b6-97b4a2f6be66} -> No File
Toolbar: HKLM - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
Toolbar: HKLM-x32 - No Name - {56e32636-e2b8-4b04-9a97-60581dd90f51} - No File
FF HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Firefox\Extensions: [{AAB8C196-B829-7008-9494-5F4DDFEC16B7}] - C:\Program Files (x86)\ver3BlockAndSurf\187.xpi => not found
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07AF4D0C-842E-4462-9001-7A1B04D2FC7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07AF4D0C-842E-4462-9001-7A1B04D2FC7E}" => key removed successfully
C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{080688EF-C83B-43A7-8464-9CE978336C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{080688EF-C83B-43A7-8464-9CE978336C5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\HDNINSTSCHD => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35AECD36-ED25-4B7C-9E5F-0F3EDDCFBDAC}" => key removed successfully
C:\WINDOWS\System32\Tasks\IE_ERR4WDR => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found. 
"C:\Program Files (x86)\Portable WeatherApp" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BE46402-ACD9-4184-9F4C-4DF31AD12D6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BE46402-ACD9-4184-9F4C-4DF31AD12D6D}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemSockets\SystemSockets => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets\SystemSockets => key not found. 
"C:\Program Files (x86)\HomeTab" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66C08AB2-2C52-4EE0-B476-8B8DF0A87A32}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C08AB2-2C52-4EE0-B476-8B8DF0A87A32} => key not found. 
C:\WINDOWS\System32\Tasks\avaxvavya => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvavya => key not found. 
"C:\Users\rachel\AppData\Local\avaxvavya" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B73F8521-7ED9-4946-8B87-644068CC264D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B73F8521-7ED9-4946-8B87-644068CC264D}" => key removed successfully
C:\WINDOWS\System32\Tasks\ProtectedSearch\Protected Search => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCE5C4A0-0BF2-4B9E-8944-4EE5EE1397D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater" => key removed successfully
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_776 => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
"HKU\S-1-5-21-3828471679-650921150-1557953286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b35c7d6-c572-11e5-bf1d-008cfa220215}" => key removed successfully
HKCR\CLSID\{9b35c7d6-c572-11e5-bf1d-008cfa220215} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C} => key not found. 
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => key not found. 
"HKU\S-1-5-21-3828471679-650921150-1557953286-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23ACBB71-0018-4987-A555-9D5CB1EDF0DA}" => key removed successfully
HKCR\CLSID\{23ACBB71-0018-4987-A555-9D5CB1EDF0DA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8113db48-904f-4584-b70d-29f707690b6a}" => key removed successfully
HKCR\CLSID\{8113db48-904f-4584-b70d-29f707690b6a} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8113db48-904f-4584-b70d-29f707690b6a} => key not found. 
HKCR\Wow6432Node\CLSID\{8113db48-904f-4584-b70d-29f707690b6a} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c480543-3190-4476-90b6-97b4a2f6be66} => key not found. 
HKCR\Wow6432Node\CLSID\{9c480543-3190-4476-90b6-97b4a2f6be66} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{56e32636-e2b8-4b04-9a97-60581dd90f51} => value removed successfully
HKCR\CLSID\{56e32636-e2b8-4b04-9a97-60581dd90f51} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{56e32636-e2b8-4b04-9a97-60581dd90f51} => value not found.
HKCR\Wow6432Node\CLSID\{56e32636-e2b8-4b04-9a97-60581dd90f51} => key not found. 
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Software\Mozilla\Firefox\Extensions\\{AAB8C196-B829-7008-9494-5F4DDFEC16B7} => value not found.
MBAMSwissArmy => service not found.
ssnfd_1_10_0_5 => service not found.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36295702 B
Java, Flash, Steam htmlcache => 41081 B
Windows/system/drivers => 309411288 B
Edge => 0 B
Chrome => 72541747 B
Firefox => 377838757 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 315367 B
systemprofile32 => 112457005 B
LocalService => 0 B
NetworkService => 0 B
rachel => 1258838699 B
Administrator => 12198 B
Guest => 13608 B
 
RecycleBin => 12173958 B
EmptyTemp: => 2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:13:15 ====


#12 Flyingsushi

Flyingsushi
  • Topic Starter

  • Members
  • 90 posts

Posted 21 June 2016 - 06:45 PM

The computer seems to be functioning fine but this is a laptop and for some reason the mouse pad on the laptop has stopped working. I have to use the wireless mouse now. Remember, this is not my personal computer, I am trying to help someone and between our communication the computer was not with me.

 

Thanks



#13 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 21 June 2016 - 06:57 PM

The computer seems to be functioning fine but this is a laptop and for some reason the mouse pad on the laptop has stopped working. I have to use the wireless mouse now. Remember, this is not my personal computer, I am trying to help someone and between our communication the computer was not with me.
 
Thanks


That's good news. :thumbup2: We've got some further steps to ensure the machine is completely clear of malware. Some laptops have a switch near the mouse pad to turn it off and on. If it's still malfunctioning when we are done, we'll get the hardware techs to check it out. As for the delay, no problem. I'll not close the thread if it takes longer than 3 days to respond. :thumbup2:

Since it's been a few days, let's get a look with FRST to get some fresh data. If those logs look ok, we'll proceed with scanning for remnants on the machine.


Step 1: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST.txt Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#14 Flyingsushi

Flyingsushi
  • Topic Starter

  • Members
  • 90 posts

Posted 22 June 2016 - 06:22 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by rachel (2016-06-22 19:17:00)
Running from C:\Users\rachel\Desktop
Windows 8.1 (Update) (X64) (2014-12-28 23:57:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3828471679-650921150-1557953286-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3828471679-650921150-1557953286-501 - Limited - Enabled) => C:\Users\Guest
rachel (S-1-5-21-3828471679-650921150-1557953286-1001 - Administrator - Enabled) => C:\Users\rachel
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C4152B0B-1B9B-51E7-068A-800FCE6D792D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version:  - Microsoft Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3828471679-650921150-1557953286-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C1A956B-64CB-4E24-8B6B-A45710B4BE74} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {11313118-646B-4707-8665-DD28ADEC09ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {262AF14C-F11C-4098-A427-2286A52F48CB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2B3BF162-87AB-4F5A-AF55-E2ADB629A2CA} - System32\Tasks\ReclaimerUpdateFiles_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {2DD66883-ED5F-49EC-B31F-38E6C9809D3C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3B6EA84C-7722-41BD-80B5-D6AFCF2B7D76} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {45969A88-889D-41A1-B98A-EC310B486474} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4C1BAA9F-D246-4C15-831D-30E6FD9FC222} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {4D4037B3-0C97-4A7F-AC21-F84A904E8C95} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4E5D0CA4-4BC9-4706-AC1F-0A63DA38E4DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51DEA08D-E6B3-44BF-BB2A-346C85070AF2} - System32\Tasks\RNUpgradeHelperLogonPrompt_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {5B112812-BDCF-4F6B-93C0-E461D0CF9899} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {6420830C-6EDB-49B4-AC2C-88813C4F1D3F} - \boosterpop -> No File <==== ATTENTION
Task: {6FB8874C-3276-4E74-BF77-93B71E0F755E} - System32\Tasks\ReclaimerUpdateXML_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {762B9C17-E704-43C1-ABDB-96E199CB59FF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {80882261-0711-4CFF-A3F7-9A1F90C39442} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {91C02209-6572-4510-9277-24C3B8C9CDD3} - System32\Tasks\RNUpgradeHelperResumePrompt_rachel => C:\Users\rachel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.03\agent\rnupgagent.exe [2016-06-14] (RealNetworks, Inc.)
Task: {BD02BBC7-0CCD-43C7-B5A9-121B40CED1C8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {C08B2F65-200E-42C1-92AD-A9CA798638ED} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3828471679-650921150-1557953286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C26114AD-EBAC-4AEE-BE1C-9A65303EC027} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {CF4B52B9-626F-4D99-ADDC-D33596A812A9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {D9378434-CC7F-47DB-A36A-DB45B0546BC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {DADF5695-5141-4220-A062-2DD8FA575B9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2016-05-28 18:53 - 2016-05-28 18:53 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\e2e1cd64b91b7395a96ebcde35a63a1c\Windows.Foundation.ni.dll
2015-07-02 20:32 - 2015-07-02 20:32 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-06-18 12:49 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 12:49 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 40506936 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libcef.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 01365560 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libglesv2.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 00219192 _____ () C:\Users\rachel\AppData\Roaming\Spotify\libegl.dll
2015-03-13 22:05 - 2015-03-13 22:05 - 09305656 _____ () C:\Users\rachel\AppData\Roaming\Spotify\pdf.dll
2015-03-13 22:05 - 2015-04-07 19:18 - 00990776 _____ () C:\Users\rachel\AppData\Roaming\Spotify\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-04-13 20:28 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3828471679-650921150-1557953286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rachel\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\554887_457385930981499_2040076795_n.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "ospd_us_776"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
04-06-2016 14:20:44 Scheduled Checkpoint
14-06-2016 22:03:27 JRT Pre-Junkware Removal
18-06-2016 12:50:54 Windows Update
21-06-2016 16:07:04 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/21/2016 05:38:45 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (06/21/2016 04:38:31 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (06/21/2016 04:07:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1de38196-5ddc-4291-890a-b2ab936207a1}
 
Error: (06/21/2016 02:16:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (06/21/2016 11:13:11 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (06/19/2016 01:56:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/18/2016 07:19:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9187
 
Error: (06/18/2016 07:19:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9187
 
Error: (06/18/2016 07:19:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/18/2016 04:07:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16a4
 
Start Time: 01d1c99ae39c20c0
 
Termination Time: 140
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 38c5fc7c-3590-11e6-bf3d-008cfa220215
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/21/2016 05:35:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (06/21/2016 05:35:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/21/2016 05:35:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Font Cache Service (R1) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/21/2016 05:35:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 3678.26 MB
Available physical RAM: 2349.33 MB
Total Virtual: 5470.26 MB
Available Virtual: 3461.14 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:455.08 GB) (Free:405.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 22 June 2016 - 08:36 PM

Hello :)

The Addition log looks good, only one item in there that needs removing. Please post the fresh FRST.txt log and we'll continue. It will be located on the Desktop.








