Jump to content


Photo

Chrome not loading pages, they all become unresponsive


  • Please log in to reply
9 replies to this topic

#1 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 August 2016 - 07:54 PM

This morning chrome was working. I tried going to a web page and all of a sudden any site i go to becomes unresponsive and i have to kill it

 

i did some googling and saw to run https://www.google.c...l/thankyou.html

 

i have done so several times and that only fixes the problem for a few mins then its back to unresponsive pages.

 

norton is not detecting anything. im not really sure what i can do at this point

 

here are my logs


Edited by Kingjames305, 17 August 2016 - 07:57 PM.


#2 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 August 2016 - 07:54 PM

malware bytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/17/2016
Scan Time: 8:01 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.17.14
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jmaes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316647
Time Elapsed: 32 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#3 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 August 2016 - 07:55 PM

frst

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by Jmaes (administrator) on KINGJAMES305 (17-08-2016 20:39:29)
Running from C:\Users\Jmaes\Desktop
Loaded Profiles: Jmaes (Available Profiles: Jmaes)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2016-01-07] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\Run: [GoogleChromeAutoLaunch_0795EB4778CE0BA83CF4AC4FBB612244] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4abf442a-b407-4a22-93dc-8bc7fd7b6c8e}: [DhcpNameServer] 40.40.1.201 40.40.1.203
Tcpip\..\Interfaces\{7f0202ed-1920-4c6a-9853-120232c7897b}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7f0202ed-1920-4c6a-9853-120232c7897b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{83908101-9D7D-4EC8-AD82-A8E81A36568B}: [DhcpNameServer] 10.10.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-606174568-3190934056-102457006-1001 -> {708AA1BA-78D9-4994-8692-63B7330E22B8} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-20] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jmaes\AppData\Roaming\Mozilla\Firefox\Profiles\4zzcvpji.default-1397737501560
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-17] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-606174568-3190934056-102457006-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Jmaes\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Adblock Plus - C:\Users\Jmaes\AppData\Roaming\Mozilla\Firefox\Profiles\4zzcvpji.default-1397737501560\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi
FF Extension: Ace Stream Web Extension - C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi [2015-11-10] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-01]
CHR Extension: (Norton Identity Safe) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-606174568-3190934056-102457006-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AS Magic Player) - C:\Users\Jmaes\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-29]
OPR Extension: (gera2ld) - C:\Users\Jmaes\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2016-08-14]
OPR Extension: (Adblock Plus) - C:\Users\Jmaes\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2016-01-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project)
R2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3186360 2013-10-16] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160816.002\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
R3 tapse01; C:\Windows\System32\drivers\tapse01.sys [39608 2013-10-16] (The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-17 20:39 - 2016-08-17 20:40 - 00023599 _____ C:\Users\Jmaes\Desktop\FRST.txt
2016-08-17 20:39 - 2016-08-17 20:39 - 00000000 ____D C:\FRST
2016-08-17 20:38 - 2016-08-17 20:38 - 00001041 _____ C:\Users\Jmaes\Desktop\malware.txt
2016-08-17 20:29 - 2016-08-17 20:38 - 02394624 _____ (Farbar) C:\Users\Jmaes\Desktop\FRST64.exe
2016-08-17 19:40 - 2016-08-17 19:40 - 22851472 _____ (Malwarebytes ) C:\Users\Jmaes\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-11 11:56 - 2016-08-11 11:56 - 00086570 _____ C:\Users\Jmaes\Desktop\vw turn in confirmation.pdf
2016-08-11 07:22 - 2016-08-11 07:52 - 91145082 _____ C:\Users\Jmaes\Desktop\2Girls1708Stickam.sav321_xvid.avi
2016-08-10 19:56 - 2016-08-10 19:56 - 00279984 _____ C:\Users\Jmaes\Desktop\vw final invoice.pdf
2016-08-09 20:52 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 20:52 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 20:52 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 20:52 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 20:52 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 20:52 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 20:52 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 20:52 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 20:52 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 20:52 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 20:52 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 20:52 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 20:52 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 20:51 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 20:51 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 20:51 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 20:51 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 20:51 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 20:51 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 20:51 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 20:51 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 20:51 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 20:51 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 20:51 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 20:51 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 20:51 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 20:51 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 20:51 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 20:51 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 20:51 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 20:51 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 20:51 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 20:51 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 20:51 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 20:51 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 20:51 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 20:51 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 20:51 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 20:51 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 20:51 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 20:51 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 20:51 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 20:51 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 20:51 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 20:51 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 20:51 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 20:51 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 20:51 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 20:51 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 20:51 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 20:51 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 20:51 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 20:51 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 20:51 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 20:51 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 20:51 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 20:51 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 20:51 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 20:51 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 20:51 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 20:51 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 20:51 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 20:51 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 20:51 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 20:51 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 20:51 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 20:51 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 20:51 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 20:51 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 20:51 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 20:51 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 20:51 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 20:51 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 20:51 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 20:51 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 20:51 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 20:51 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 20:51 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 20:51 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 20:51 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 20:51 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 20:51 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 20:51 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 20:51 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 20:51 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 20:51 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 20:51 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 20:51 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 20:51 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 20:51 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 20:51 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 20:51 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 20:51 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 20:51 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 20:51 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 20:51 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 20:51 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 20:51 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 20:51 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 20:51 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 20:51 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 20:51 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 20:51 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 20:51 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 20:51 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 20:51 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 20:51 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 20:51 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 20:51 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 20:51 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 20:51 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 20:51 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 20:50 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 20:50 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 20:50 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 20:50 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 20:50 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 20:50 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 20:50 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 20:50 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 20:50 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 20:50 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 20:50 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 20:50 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 20:50 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 20:50 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 20:50 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 20:50 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 20:50 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 20:50 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 20:50 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 20:50 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 20:50 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 20:50 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 19:16 - 2016-08-09 19:19 - 15475396 _____ C:\Users\Jmaes\Desktop\xvideos.com_38c9fad1108aa267e8f04dbb14715f04.mp4
2016-08-09 19:09 - 2016-08-09 19:09 - 16008724 _____ C:\Users\Jmaes\Desktop\61381A5.mp4
2016-08-09 19:07 - 2016-08-09 19:09 - 08855885 _____ C:\Users\Jmaes\Desktop\240P_400K_72029372.mp4
2016-08-09 19:06 - 2016-08-09 19:17 - 28236330 _____ C:\Users\Jmaes\Desktop\480P_600K_80203641.mp4
2016-08-09 19:04 - 2016-08-09 19:07 - 29570137 _____ C:\Users\Jmaes\Desktop\2087601.mp4
2016-08-09 07:41 - 2016-08-09 07:41 - 00440514 _____ C:\Users\Jmaes\Desktop\vw lease agreement.pdf
2016-08-09 07:40 - 2016-08-09 07:40 - 00086570 _____ C:\Users\Jmaes\Desktop\VCI.4865725.pdf
2016-08-02 21:08 - 2016-08-10 03:38 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2016-07-22 08:20 - 2016-07-22 08:20 - 00000000 ___HD C:\OneDriveTemp
2016-07-21 21:24 - 2016-07-21 21:24 - 00053888 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\TVALZ_O.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-17 20:41 - 2014-04-09 17:44 - 00000000 ____D C:\Users\Jmaes\AppData\Roaming\vlc
2016-08-17 20:28 - 2013-11-19 05:24 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-17 20:28 - 2013-11-19 05:24 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-17 20:00 - 2014-04-17 08:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 19:58 - 2014-04-17 08:27 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 19:58 - 2014-04-17 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-17 19:58 - 2014-04-17 08:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 11:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-17 11:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-17 11:14 - 2014-01-24 01:17 - 00000000 ____D C:\Users\Jmaes\AppData\Local\Adobe
2016-08-17 10:59 - 2016-07-10 21:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-08-17 10:58 - 2016-05-19 03:42 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-17 10:58 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-17 10:57 - 2014-01-24 01:07 - 00000000 __RDO C:\Users\Jmaes\SkyDrive
2016-08-17 10:55 - 2016-05-19 04:44 - 00000000 __SHD C:\Users\Jmaes\IntelGraphicsProfiles
2016-08-17 10:55 - 2016-05-19 03:20 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-17 10:51 - 2016-05-19 03:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-17 10:49 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-17 10:48 - 2016-05-19 03:25 - 00000000 ____D C:\Users\Jmaes
2016-08-17 10:25 - 2014-01-24 01:35 - 00000000 ____D C:\Users\Jmaes\AppData\Roaming\Skype
2016-08-16 21:17 - 2015-07-31 05:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-08-16 19:11 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 19:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-16 06:55 - 2014-03-24 15:26 - 00000000 ____D C:\Users\Jmaes\Desktop\tumb
2016-08-11 14:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 23:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 23:05 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 18:50 - 2014-01-24 00:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 18:44 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 18:44 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 18:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 18:43 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-09 21:58 - 2014-01-26 07:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 21:14 - 2014-01-26 07:33 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 19:30 - 2014-01-28 03:20 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 19:30 - 2014-01-28 03:20 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 11:34 - 2014-01-24 01:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-07 00:28 - 2014-02-02 00:42 - 00000000 ____D C:\Users\Jmaes\AppData\Local\CrashDumps
2016-08-04 07:21 - 2015-09-17 19:11 - 00003964 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1398700913
2016-08-04 07:21 - 2015-05-20 22:36 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-08-04 07:21 - 2014-04-28 12:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-31 00:27 - 2014-08-30 22:55 - 00000000 ____D C:\Users\Jmaes\AppData\Roaming\.ACEStream
2016-07-31 00:26 - 2014-08-30 22:55 - 00000000 ___HD C:\_acestream_cache_
2016-07-28 20:23 - 2013-11-19 05:24 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 20:23 - 2013-11-19 05:24 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 23:57 - 2014-02-08 05:30 - 00000000 ____D C:\Users\Jmaes\Desktop\New folder

==================== Files in the root of some directories =======

2016-01-16 22:40 - 2016-01-16 22:40 - 0003429 _____ () C:\Program Files (x86)\INSTALL.LOG
2016-01-16 22:40 - 2002-07-26 18:02 - 0153088 _____ () C:\Program Files (x86)\UNWISE.EXE
2014-06-16 03:12 - 2014-06-17 17:56 - 0005120 _____ () C:\Users\Jmaes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Public\VOIP.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-09 19:59

==================== End of FRST.txt ============================



#4 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 August 2016 - 07:55 PM

addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Jmaes (17-08-2016 20:41:29)
Running from C:\Users\Jmaes\Desktop
Windows 10 Home Version 1511 (X64) (2016-05-19 08:43:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-606174568-3190934056-102457006-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-606174568-3190934056-102457006-503 - Limited - Disabled)
Guest (S-1-5-21-606174568-3190934056-102457006-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-606174568-3190934056-102457006-1003 - Limited - Enabled)
Jmaes (S-1-5-21-606174568-3190934056-102457006-1001 - Administrator - Enabled) => C:\Users\Jmaes

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace Stream Media 3.1.1 (HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\AceStream) (Version: 3.1.1 - Ace Stream Media) <==== ATTENTION
Acoustica Effects Pack (HKLM-x32\...\Acoustica Effects Pack) (Version: 1.0 - Acoustica, Inc)
Acoustica Mixcraft (HKLM-x32\...\Acoustica Mixcraft) (Version:  - Acoustica)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.19.52 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HMA! Pro VPN 2.8.6.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.6.0 - Privax Ltd)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SurfEasy VPN 1.1.237 (HKLM-x32\...\SurfEasy VPN) (Version: 1.1.237 - SurfEasy Inc)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tag&Rename 3.1.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.1.7 - Softpointer Inc)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-606174568-3190934056-102457006-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jmaes\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AC8C802-F4D1-48E4-A223-382CD277ACB1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1D9BE500-F87B-4AB9-8B7B-B423B9E206E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {47853530-932E-41B9-A58A-25DF1EB9E0CD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {4F79B3FF-75D0-45C1-B121-FB253BAF38DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {519EF15E-17C4-4365-AE3A-6E3DFD1F5A62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {557BDD38-6165-44CF-9A37-D37885AAB48B} - System32\Tasks\{6A2957DA-32F1-48B9-B0C2-0C2685187B33} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1638
Task: {56454F55-1164-4AF0-AA12-4A04DC6056DC} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe
Task: {66DD0A58-E5B2-4DB3-A549-6E2FB1128851} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {703BCC30-03EF-4980-821A-48952A105881} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76CABBAB-A14F-49ED-AEBA-CCA9D43BC815} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7CDCACFF-E7DB-40C2-8DB6-7BB5A19D4DE6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {83078231-04B4-4EED-B2FD-6A9520EA28E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
Task: {8A66E7AA-2307-4C54-A04B-52C33A6888F6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {8BF63057-37AC-42EA-BC00-AC22B0E551D8} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {8F5FE454-C27E-4BF3-A912-67001E78856A} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {933F3661-09D9-4CD2-9E1D-1440E7F1DDEC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9367AC9F-4ABE-4E50-B76F-536CF1C1C682} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {986D610D-DBFD-42A1-ADD3-68ED271E844F} - System32\Tasks\Opera scheduled Autoupdate 1398700913 => C:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {9F71CB25-62A9-414D-A706-38DFE0A2679E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A076ADC8-CE18-4379-9F14-6374EABA12A4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A45594B1-0AC7-47C1-8DAF-0A80E267BEE4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {AADFACF1-9D0C-426E-AB87-C885FD9C7B7F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {ADCBB16E-0DB0-41DE-814A-DA074E96D957} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB3B6E63-3D6F-4ACB-86C2-0E6C7EDC8514} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {BCB42748-713C-4282-AC05-AB382E06D547} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe
Task: {DF7DABEC-0DAD-4EB1-B860-B2C5DBED4EF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DFF3317D-D8CB-4F70-B33E-86F2C6341BCE} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {E04F0BF6-A563-49C3-BD18-342DEB4B06A6} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E31C7F57-249B-4701-8912-7AD63CB644D1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E3FF21F7-9566-4690-963B-422DF1785DC1} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {F2438F8D-E3E1-450F-9D0F-2059A948C9DF} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {FE6AECBB-D3A8-46CF-AC83-72B755FA1B8A} - System32\Tasks\{3A91DE5D-925B-41F4-8552-357C6169379B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1638

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-10-16 16:51 - 2013-10-16 16:51 - 03186360 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2016-07-12 22:36 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 22:36 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-20 05:31 - 2016-05-20 05:31 - 00959168 _____ () C:\Users\Jmaes\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-07 17:44 - 2016-01-07 17:44 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-05-19 05:30 - 2016-05-19 05:30 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-19 07:05 - 2016-05-19 07:05 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 22:39 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 22:36 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 22:36 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 22:36 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 22:36 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 18:24 - 2013-08-01 18:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-11-19 05:34 - 2013-07-02 18:30 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-11-19 05:34 - 2013-07-02 18:30 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-11-19 05:34 - 2013-07-02 18:30 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-11-19 05:34 - 2013-07-02 18:30 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-11-19 05:34 - 2013-07-02 18:30 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-11-19 05:34 - 2013-07-02 18:30 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-11-19 05:34 - 2013-07-02 18:29 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2013-11-19 04:59 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-05-19 05:30 - 2016-05-19 05:30 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-20 05:31 - 2016-05-20 05:31 - 00679624 _____ () C:\Users\Jmaes\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-08-08 19:30 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 19:30 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606174568-3190934056-102457006-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jmaes\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\StartupApproved\Run: => "Optimizer Pro"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5EF9A567-25D5-4482-980D-CBDAA87A550F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4D3251E8-4455-4CA0-B251-12A775D9B7D3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D92101C8-A3B6-476A-B881-13F547C59825}] => (Allow) C:\Program Files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F23E0F47-B2D5-4DED-BEB4-D3E7AC33AB8A}] => (Allow) C:\Program Files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EB383A83-AF0E-42F4-B1CF-55EFB1AA9E85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9B3CE70-BCD6-4AD4-BBAD-C65431E9A003}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CBC53205-EE6D-497E-A69A-D471B81E3CAD}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{972BAD66-A5B8-4E7C-935B-5EBB02B9B667}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{C3A1AC58-A462-4339-BFC4-04B50E71010F}] => (Allow) C:\Users\Jmaes\AppData\Local\Temp\7zS97B4.tmp\SymNRT.exe
FirewallRules: [{65BFE023-B57A-4A83-993B-76DE25AAC801}] => (Allow) C:\Users\Jmaes\AppData\Local\Temp\7zS97B4.tmp\SymNRT.exe
FirewallRules: [UDP Query User{5CAF4665-A84C-4171-A4FF-C11968F1BA40}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2B1C31C1-7D50-4C2B-B3EE-829F121F9AA6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C9C208F8-B892-4C41-A00D-83EAD0A5F216}C:\users\jmaes\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jmaes\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D85F009B-A2B6-4ECC-A68C-5932D8313A11}C:\users\jmaes\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\jmaes\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{30E75F50-32C4-40D7-A2CF-E47505961D06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-08-2016 19:20:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2016 08:25:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (08/17/2016 08:25:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (08/17/2016 07:54:14 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (08/17/2016 07:54:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (08/17/2016 11:15:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 48.0.0.6051 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ebc

Start Time: 01d1f8982ff908ce

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\mozilla firefox\firefox.exe

Report Id: 64e83ac1-648d-11e6-82e9-00c2c62469a8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/17/2016 11:13:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e1d8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0513f866
Faulting process id: 0x1b24
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (08/17/2016 10:57:24 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (08/17/2016 10:48:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: N360.exe, version: 13.1.1.19, time stamp: 0x573e3d6e
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc000000d
Fault offset: 0x000ea24c
Faulting process id: 0x5a4
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3
Faulting package full name: N360.exe4
Faulting package-relative application ID: N360.exe5

Error: (08/17/2016 10:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 48.0.0.6051 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 269c

Start Time: 01d1f893aac96940

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\mozilla firefox\firefox.exe

Report Id: 8e97c972-6489-11e6-82e8-00c2c62469a8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/17/2016 10:35:58 AM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}


System errors:
=============
Error: (08/17/2016 10:51:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2016 10:51:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

Error: (08/17/2016 10:51:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dts_apo_service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2016 10:51:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dts_apo_service service to connect.

Error: (08/17/2016 10:48:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_5255a service to connect.

Error: (08/17/2016 10:48:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_5255a service, but this action failed with the following error:
%%1056 = An instance of the service is already running.

Error: (08/17/2016 10:48:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_5255a service to connect.

Error: (08/17/2016 10:48:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5255a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/17/2016 10:48:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5255a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/17/2016 10:48:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5255a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-08-11 04:30:49.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 18:49:11.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 04:59:09.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 13:39:08.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 04:06:37.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-18 04:12:21.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 04:55:11.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 03:43:41.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 04:37:02.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-19 06:51:15.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8116.09 MB
Available physical RAM: 4567.71 MB
Total Virtual: 14772.09 MB
Available Virtual: 10786.09 MB

==================== Drives ================================

Drive c: (TI10672700E) (Fixed) (Total:687.8 GB) (Free:485.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#5 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 August 2016 - 07:57 PM

sal log

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 5th August 2016
Running from:C:\Users\Jmaes\Desktop (20:47:09 - 08/17/2016)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
***-----------------Anti-Virus - Firewall-------------------***
Norton Security Suite (Enabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
Norton Security Suite
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 22.0.0.209)
Java (version 8.25.18)
Google Chrome (version 52)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5)
Mozilla Firefox (version 48)
Opera (version 38)

***----------------Analysis Complete-------------------------***



#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 18 August 2016 - 06:49 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program via the Control panel > Programs > Programs and Features.
Ace Stream Media 3.1.1 (HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\AceStream) (Version: 3.1.1 - Ace Stream Media) <==== ATTENTION

---

JoySaburo you are not authorized to post replies in live topics.

===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF Plugin HKU\S-1-5-21-606174568-3190934056-102457006-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Jmaes\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi
FF Extension: Ace Stream Web Extension - C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi [2015-11-10] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-606174568-3190934056-102457006-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-04]
OPR Extension: (AS Magic Player) - C:\Users\Jmaes\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-29]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\EX64.SYS [X]
Task: {1AC8C802-F4D1-48E4-A223-382CD277ACB1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1D9BE500-F87B-4AB9-8B7B-B423B9E206E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4F79B3FF-75D0-45C1-B121-FB253BAF38DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {519EF15E-17C4-4365-AE3A-6E3DFD1F5A62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66DD0A58-E5B2-4DB3-A549-6E2FB1128851} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {703BCC30-03EF-4980-821A-48952A105881} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76CABBAB-A14F-49ED-AEBA-CCA9D43BC815} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7CDCACFF-E7DB-40C2-8DB6-7BB5A19D4DE6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {933F3661-09D9-4CD2-9E1D-1440E7F1DDEC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9367AC9F-4ABE-4E50-B76F-536CF1C1C682} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A076ADC8-CE18-4379-9F14-6374EABA12A4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {ADCBB16E-0DB0-41DE-814A-DA074E96D957} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E31C7F57-249B-4701-8912-7AD63CB644D1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F2438F8D-E3E1-450F-9D0F-2059A948C9DF} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.goog...er/183083?hl=en

Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Please post the log and let me know if the problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 18 August 2016 - 01:58 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Jmaes (18-08-2016 14:16:48) Run:1
Running from C:\Users\Jmaes\Desktop
Loaded Profiles: Jmaes (Available Profiles: Jmaes)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF Plugin HKU\S-1-5-21-606174568-3190934056-102457006-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Jmaes\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF HKU\S-1-5-21-606174568-3190934056-102457006-1001\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi
FF Extension: Ace Stream Web Extension - C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi [2015-11-10] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-606174568-3190934056-102457006-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-04]
OPR Extension: (AS Magic Player) - C:\Users\Jmaes\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-29]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\EX64.SYS [X]
Task: {1AC8C802-F4D1-48E4-A223-382CD277ACB1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1D9BE500-F87B-4AB9-8B7B-B423B9E206E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4F79B3FF-75D0-45C1-B121-FB253BAF38DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {519EF15E-17C4-4365-AE3A-6E3DFD1F5A62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66DD0A58-E5B2-4DB3-A549-6E2FB1128851} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {703BCC30-03EF-4980-821A-48952A105881} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76CABBAB-A14F-49ED-AEBA-CCA9D43BC815} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7CDCACFF-E7DB-40C2-8DB6-7BB5A19D4DE6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {933F3661-09D9-4CD2-9E1D-1440E7F1DDEC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9367AC9F-4ABE-4E50-B76F-536CF1C1C682} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A076ADC8-CE18-4379-9F14-6374EABA12A4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {ADCBB16E-0DB0-41DE-814A-DA074E96D957} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E31C7F57-249B-4701-8912-7AD63CB644D1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F2438F8D-E3E1-450F-9D0F-2059A948C9DF} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.1" => key removed successfully
C:\Users\Jmaes\AppData\Roaming\ACEStream\player\npace_plugin.dll => moved successfully
HKU\S-1-5-21-606174568-3190934056-102457006-1001\Software\Mozilla\Firefox\Extensions\\acewebextension@acestream.org => value removed successfully
C:\Users\Jmaes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => moved successfully
C:\Users\Jmaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKU\S-1-5-21-606174568-3190934056-102457006-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx" => Scheduled to move on reboot.
C:\Users\Jmaes\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim => moved successfully
NAVENG => service could not remove
NAVEX15 => service could not remove
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1AC8C802-F4D1-48E4-A223-382CD277ACB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AC8C802-F4D1-48E4-A223-382CD277ACB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D9BE500-F87B-4AB9-8B7B-B423B9E206E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9BE500-F87B-4AB9-8B7B-B423B9E206E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F79B3FF-75D0-45C1-B121-FB253BAF38DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F79B3FF-75D0-45C1-B121-FB253BAF38DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{519EF15E-17C4-4365-AE3A-6E3DFD1F5A62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519EF15E-17C4-4365-AE3A-6E3DFD1F5A62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66DD0A58-E5B2-4DB3-A549-6E2FB1128851}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66DD0A58-E5B2-4DB3-A549-6E2FB1128851}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{703BCC30-03EF-4980-821A-48952A105881}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{703BCC30-03EF-4980-821A-48952A105881}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76CABBAB-A14F-49ED-AEBA-CCA9D43BC815}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76CABBAB-A14F-49ED-AEBA-CCA9D43BC815}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CDCACFF-E7DB-40C2-8DB6-7BB5A19D4DE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CDCACFF-E7DB-40C2-8DB6-7BB5A19D4DE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{933F3661-09D9-4CD2-9E1D-1440E7F1DDEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{933F3661-09D9-4CD2-9E1D-1440E7F1DDEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9367AC9F-4ABE-4E50-B76F-536CF1C1C682}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9367AC9F-4ABE-4E50-B76F-536CF1C1C682}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A076ADC8-CE18-4379-9F14-6374EABA12A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A076ADC8-CE18-4379-9F14-6374EABA12A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADCBB16E-0DB0-41DE-814A-DA074E96D957}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADCBB16E-0DB0-41DE-814A-DA074E96D957}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E31C7F57-249B-4701-8912-7AD63CB644D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E31C7F57-249B-4701-8912-7AD63CB644D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2438F8D-E3E1-450F-9D0F-2059A948C9DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2438F8D-E3E1-450F-9D0F-2059A948C9DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71735946 B
Java, Flash, Steam htmlcache => 1412 B
Windows/system/drivers => 333 B
Edge => 1851660 B
Chrome => 2083177215 B
Firefox => 385348758 B
Opera => 261612986 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 31735697 B
NetworkService => 14246 B
Jmaes => 45969654 B

RecycleBin => 466389653 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-08-2016 14:54:34)

"C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx" => Could not move
"C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx" => Could not move

==== End of Fixlog 14:54:35 ====



#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 19 August 2016 - 05:53 AM

Any remaining issues?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 Kingjames305

Kingjames305

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 22 August 2016 - 06:38 PM

hey sorry, i was away for the weekend, just got back. And no issues. everything seems to be back to normal. Thank you for all your help!!



#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 23 August 2016 - 06:56 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!