FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
Ran by Angie (administrator) on SEXY (20-11-2015 09:31:52)
Running from C:\Users\Angie\Desktop
Loaded Profiles: Angie (Available Profiles: Angie & Dylan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-19] (AVAST Software)
HKLM-x32\...\RunOnce: [{621BAAED-7B19-42A7-AA04-7217716FF5D2}] => cmd.exe /C start /D "C:\Users\Angie\AppData\Local\Temp" /B {621BAAED-7B19-42A7-AA04-7217716FF5D2}.exe -accepteula -postboot
HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\Angie\Downloads\avg_remover_stf_x64_2015_5501.exe [3681088 2015-11-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-19] (AVAST Software)
GroupPolicyUsers\S-1-5-21-2805473387-1554243729-575181077-1001\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{20655EBC-FB7C-4196-AC0D-DE706D11DDDA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B36F198F-F2F8-41B9-931F-7999DC95B017}: [DhcpNameServer] 10.4.182.22 10.4.81.105
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-19] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-19] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\75u9dyh1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-15] ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-19]
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cards Against Originality) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\akccmajgihkbpjdmkceiamgkkplachhk [2015-04-23]
CHR Extension: (Digital painting tutorials) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpelenoiegfnfnnmakijehklfhkddhb [2013-08-30]
CHR Extension: (Google Docs) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (TV) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-08-30]
CHR Extension: (YouTube) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Facebook Theme Creator) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-24]
CHR Extension: (Google Docs Offline) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-19]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-26]
CHR Extension: (In My Head) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjghaijajcdnfbepmfmapepjcgkdehh [2013-08-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-08]
CHR Extension: (Clearly) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-06-14]
CHR Extension: (Google Forms) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-09-11]
CHR Extension: (Google Play) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-12]
CHR Extension: (Peanut Gallery) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbgfmofpkinopfbafkklckgbkojgknp [2013-08-30]
CHR Extension: (Skype Click to Call) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-03]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-11]
CHR Extension: (Tumblr Savior) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2015-05-02]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2015-03-04]
CHR Extension: (Psykopaint) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-20]
CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-08-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-19] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-19] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-14] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-31] (McAfee, Inc.)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-04] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [103792 2010-02-03] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-24] (Electronic Arts)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [126392 2009-08-25] (Symantec Corporation)
S2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-26] (iWin Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-19] (AVAST Software)
R0 B04F67D4; C:\Windows\System32\drivers\B04F67D4.sys [478392 2015-11-19] (Kaspersky Lab ZAO)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-19] (AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-20 09:31 - 2015-11-20 09:32 - 00023287 _____ C:\Users\Angie\Desktop\FRST.txt
2015-11-20 09:31 - 2015-11-20 09:31 - 02020352 _____ (Farbar) C:\Users\Angie\Desktop\FRST64.exe
2015-11-19 17:21 - 2015-11-19 17:21 - 00024332 _____ C:\ComboFix.txt
2015-11-19 17:10 - 2015-11-19 17:21 - 00000000 ____D C:\Qoobox
2015-11-19 17:10 - 2011-06-26 17:45 - 00256000 _____ C:\windows\PEV.exe
2015-11-19 17:10 - 2010-11-08 04:20 - 00208896 _____ C:\windows\MBR.exe
2015-11-19 17:10 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00098816 _____ C:\windows\sed.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00080412 _____ C:\windows\grep.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00068096 _____ C:\windows\zip.exe
2015-11-19 17:09 - 2015-11-19 17:20 - 00000000 ____D C:\windows\erdnt
2015-11-19 17:06 - 2015-11-19 17:06 - 05639131 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe
2015-11-19 14:21 - 2015-11-19 14:21 - 00005882 _____ C:\Users\Angie\Desktop\techspot message.txt
2015-11-19 13:50 - 2015-11-19 13:50 - 19740232 _____ C:\Users\Angie\Downloads\RogueKiller (1).exe
2015-11-19 13:43 - 2015-11-19 13:43 - 00000618 _____ C:\Users\Angie\Desktop\JRT.txt
2015-11-19 13:40 - 2015-11-19 13:40 - 01599080 _____ (Malwarebytes) C:\Users\Angie\Downloads\JRT (1).exe
2015-11-19 13:32 - 2015-11-19 13:32 - 01599080 _____ (Malwarebytes) C:\Users\Angie\Downloads\JRT.exe
2015-11-19 13:19 - 2015-11-19 13:23 - 00000000 ____D C:\AdwCleaner
2015-11-19 13:19 - 2015-11-19 13:19 - 01732096 _____ C:\Users\Angie\Downloads\adwcleaner_5.021.exe
2015-11-19 13:18 - 2015-11-19 13:18 - 00000563 _____ C:\Users\Angie\Desktop\malware bytes scan 17-11-2015.txt
2015-11-19 13:17 - 2015-11-19 13:17 - 00001387 _____ C:\Users\Angie\Desktop\malware bytes scan 18-11-2015.txt
2015-11-19 13:16 - 2015-11-19 13:16 - 00001551 _____ C:\Users\Angie\Desktop\malware bytes scan 19-11-2015.txt
2015-11-19 12:46 - 2015-11-19 12:46 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-19 12:39 - 2015-11-19 12:39 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Angie\Downloads\avg_remover_stf_x64_2015_5501.exe
2015-11-19 12:39 - 2015-11-19 12:39 - 00385390 _____ C:\Users\Angie\Downloads\avgremover.log
2015-11-19 12:35 - 2015-11-19 12:35 - 19740232 _____ C:\Users\Angie\Downloads\RogueKiller.exe
2015-11-19 12:30 - 2015-11-19 12:31 - 00000000 ____D C:\Users\Angie\Desktop\WTF files
2015-11-19 12:29 - 2015-11-19 12:29 - 00299944 _____ C:\windows\Minidump\111915-20826-01.dmp
2015-11-19 12:18 - 2015-11-19 12:18 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\B04F67D4.sys
2015-11-19 12:18 - 2015-11-19 12:18 - 00000000 ____D C:\KVRT_Data
2015-11-19 12:14 - 2015-11-19 12:18 - 94833832 _____ (Kaspersky Lab ZAO) C:\Users\Angie\Downloads\KVRT.exe
2015-11-19 12:00 - 2015-11-19 12:00 - 00002142 _____ C:\Users\Angie\Desktop\GMER log.log
2015-11-19 11:46 - 2015-11-19 11:46 - 00117086 _____ C:\Users\Angie\Desktop\OTL.Txt
2015-11-19 11:45 - 2015-11-19 11:45 - 00117086 _____ C:\Users\Angie\Downloads\OTL.Txt
2015-11-19 11:45 - 2015-11-19 11:45 - 00093110 _____ C:\Users\Angie\Downloads\Extras.Txt
2015-11-19 11:44 - 2015-11-19 11:44 - 00370943 _____ C:\Users\Angie\Desktop\gmer.zip
2015-11-19 11:44 - 2015-11-19 11:44 - 00000000 ____D C:\Users\Angie\Desktop\gmer
2015-11-19 11:37 - 2015-11-19 11:37 - 00602112 _____ (OldTimer Tools) C:\Users\Angie\Downloads\OTL.exe
2015-11-19 07:54 - 2015-11-19 14:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-19 07:54 - 2015-11-19 13:51 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-11-19 06:21 - 2015-11-20 09:31 - 00000000 ____D C:\FRST
2015-11-19 01:28 - 2015-11-19 01:28 - 00003024 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1447856893
2015-11-19 01:28 - 2015-11-19 01:28 - 00001048 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2015-11-19 01:28 - 2015-11-19 01:28 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-11-19 01:27 - 2015-11-19 01:27 - 00147088 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
2015-11-19 01:27 - 2015-11-19 01:27 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2015-11-19 01:27 - 2015-11-19 01:23 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-19 01:25 - 2015-11-19 16:55 - 00002086 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-11-19 01:25 - 2015-11-19 01:25 - 00000000 ____D C:\Users\Angie\AppData\Roaming\AVAST Software
2015-11-19 01:25 - 2015-11-19 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-19 01:24 - 2015-11-19 01:27 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-19 01:24 - 2015-11-19 01:23 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-19 01:22 - 2015-11-19 01:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-19 01:21 - 2015-11-19 01:27 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-19 00:58 - 2015-11-19 00:58 - 00003244 _____ C:\windows\System32\Tasks\IORRT
2015-11-16 21:00 - 2015-11-16 21:02 - 00000000 ____D C:\Users\Angie\Desktop\TRANSFERRING TO BACKUP
2015-11-11 09:45 - 2015-11-11 12:35 - 00056127 _____ C:\Users\Angie\Documents\Do Not Smoke.fdx
2015-11-06 22:41 - 2015-11-06 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-06 22:41 - 2015-11-06 22:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-02 21:28 - 2015-11-02 21:28 - 00000383 _____ C:\ftconfig.ini
2015-11-02 10:05 - 2015-11-02 10:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-02 10:05 - 2015-11-02 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-02 10:03 - 2015-11-02 10:03 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Angie\Downloads\SkypeSetup (2).exe
2015-11-01 22:52 - 2015-11-01 22:53 - 00584288 _____ (Oracle Corporation) C:\Users\Angie\Downloads\chromeinstall-8u65.exe
2015-10-25 16:34 - 2015-10-25 16:37 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
2015-10-25 16:34 - 2015-10-25 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCSkin3D
2015-10-25 16:28 - 2015-10-25 16:32 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-10-25 16:28 - 2015-10-25 16:29 - 02045882 _____ (Altered Softworks & MCSkin3D Development Team ) C:\Users\Angie\Downloads\mcskin3d_1_3.exe
2015-10-25 16:06 - 2015-10-25 16:09 - 03602752 _____ (Informer Technologies, Inc. ) C:\Users\Angie\Downloads\siinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 22:47 - 2010-11-21 14:47 - 01719488 _____ C:\windows\PFRO.log
2015-11-19 19:10 - 2015-03-02 00:17 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 17:21 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default
2015-11-19 17:19 - 2009-07-14 13:34 - 00000215 _____ C:\windows\system.ini
2015-11-19 17:03 - 2012-11-15 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
2015-11-19 13:25 - 2009-07-14 15:51 - 00139920 _____ C:\windows\setupact.log
2015-11-19 12:46 - 2015-03-02 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-19 12:46 - 2015-03-02 00:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 12:29 - 2013-09-14 15:51 - 00000000 ____D C:\windows\Minidump
2015-11-19 12:29 - 2013-09-14 15:50 - 384536491 _____ C:\windows\MEMORY.DMP
2015-11-19 12:27 - 2009-07-14 16:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-19 06:39 - 2015-03-31 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-19 05:40 - 2013-08-30 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 05:40 - 2013-08-30 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 05:40 - 2012-11-15 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-19 02:14 - 2015-02-09 22:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 01:58 - 2009-07-14 15:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 01:57 - 2009-07-14 15:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 01:54 - 2012-11-15 03:30 - 01355564 _____ C:\windows\WindowsUpdate.log
2015-11-18 21:06 - 2009-07-14 16:13 - 00779080 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-17 07:25 - 2013-09-14 15:04 - 00000000 ____D C:\Users\Angie\AppData\Local\CrashDumps
2015-11-16 23:53 - 2015-02-27 11:54 - 00000000 ____D C:\windows\pss
2015-11-16 19:04 - 2013-10-07 18:38 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Skype
2015-11-11 22:13 - 2015-02-09 22:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 22:13 - 2014-03-01 10:36 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 22:13 - 2014-03-01 10:36 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 21:26 - 2014-08-28 22:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-10 10:47 - 2009-07-14 16:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-03 19:03 - 2013-08-30 23:57 - 00000000 ____D C:\Users\Angie\AppData\Local\Tific
2015-11-02 10:06 - 2012-11-15 04:13 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-06-03 23:34 - 2015-06-03 23:34 - 0002148 _____ () C:\Users\Angie\AppData\Local\recently-used.xbel
2015-02-27 11:38 - 2015-02-27 11:38 - 0007605 _____ () C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
2014-04-19 19:31 - 2014-04-19 19:31 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995
2015-06-22 01:15 - 2015-04-23 01:15 - 0000032 ____R () C:\ProgramData\hash.dat
Files to move or delete:
====================
C:\ProgramData\hash.dat
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 08:20
==================== End of FRST.txt ============================