Inactive-A Unresponsive computer

zfessaras · Oct 3, 2015

Hello there, I am having trouble with my computer, and there are important files on it which I wish to protect.
As of now the computer is being unreasonable slow, unresponsive, and generally a hassle to work with.

Here all the files you requested.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Zach (administrator) on ZACH1-PC (03-10-2015 11:08:51)
Running from C:\Users\Zach\Desktop
Loaded Profiles: Zach (Available Profiles: Zach & zach2)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files (x86)\Microsoft MapPoint 2010\StreetsOlkShim.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [834032 2015-09-25] (Webroot)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk.disabled [2012-06-19]
ShortcutTarget: Intuit Data Protect.lnk.disabled -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Print Software.lnk.disabled [2012-02-02]
ShortcutTarget: Marketsplash Print Software.lnk.disabled -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled [2012-06-19]
ShortcutTarget: QuickBooks Update Agent.lnk.disabled -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk.disabled [2014-04-04]
ShortcutTarget: QuickBooks_Standard_21.lnk.disabled -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled [2013-07-05]
ShortcutTarget: Secunia PSI Tray.lnk.disabled -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-08-31] ()
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-08-31] ()
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-08-31] ()
InternetURL: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://ayh2m57ruxjtwyd5.speralreaopio.com/1vdfNY4
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-11-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.disabled [2013-11-19]
ShortcutTarget: Send to OneNote.lnk.disabled -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92FA524C-C5CF-47E3-8186-86D1E642636B}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{92FA524C-C5CF-47E3-8186-86D1E642636B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EF50B92A-56BC-45FF-8A7B-47355D05C1A3}: [DhcpNameServer] 172.16.3.10 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20141101-155-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {4EF7D894-962D-4FE9-B127-94A9359D84DB} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {8CB98AD9-02AE-4ECB-823F-052FE7966E2B} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-11] (Oracle Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-09-29] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-10-01] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-11] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-09-29] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-10-01] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-11] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-09-29] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-09-29] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\9mrzoiu9.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2188797451-4090431143-4288872003-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Zach\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-12] (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-22]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-09-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-30]
CHR Extension: (Adblock Plus) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-30]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Webroot Password Manager) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-09-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
S4 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-06-06] (Mozilla Foundation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-08-19] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-08-19] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [834032 2015-09-25] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-10-03] (SlimWare Utilities, Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-09-25] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [43600 2015-10-01] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 11:08 - 2015-10-03 11:09 - 00023962 _____ C:\Users\Zach\Desktop\FRST.txt
2015-10-03 11:08 - 2015-10-03 11:08 - 00000000 ____D C:\FRST
2015-10-03 11:07 - 2015-10-03 11:07 - 02193408 _____ (Farbar) C:\Users\Zach\Desktop\FRST64.exe
2015-10-03 11:04 - 2015-10-03 11:07 - 00000000 ____D C:\Users\Zach\Desktop\New folder
2015-10-03 11:03 - 2015-10-03 11:07 - 02193408 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2015-09-23 21:08 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-23 21:08 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-23 21:08 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-23 21:08 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-23 05:39 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-23 05:39 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-23 05:39 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-23 05:39 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-23 05:39 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-23 05:39 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-23 05:39 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-23 05:39 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-23 05:39 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-23 05:39 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-23 05:39 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-23 05:39 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-23 05:39 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-23 05:39 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-23 05:39 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-23 05:39 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-23 05:39 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-23 05:39 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-23 05:39 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-23 05:39 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-23 05:39 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-23 05:39 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-23 05:39 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-23 05:39 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-23 05:39 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-23 05:39 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-23 05:39 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-23 05:39 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-23 05:39 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-21 19:45 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-21 19:45 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-21 19:45 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-21 19:45 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-21 19:45 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-21 19:45 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-21 19:45 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-21 19:45 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-21 19:45 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-21 19:45 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-21 19:45 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-21 19:45 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-21 19:45 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-21 19:45 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-21 19:39 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-21 19:39 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-21 19:39 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-21 19:39 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-21 19:39 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-21 19:39 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-21 19:39 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-21 19:39 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-21 19:39 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-21 19:39 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-21 19:39 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-21 19:39 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-21 19:39 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-21 19:33 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-21 19:33 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-21 19:33 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-21 19:33 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-21 19:33 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-21 19:33 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-21 19:33 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-21 19:33 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-20 20:17 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-20 20:17 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-20 20:17 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-20 20:17 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-20 20:17 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-20 20:17 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-20 20:15 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-20 20:15 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-20 20:15 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-20 20:15 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-20 20:15 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 11:09 - 2014-09-29 12:52 - 00000000 ____D C:\ProgramData\WRData
2015-10-03 11:06 - 2014-02-18 13:38 - 00000000 ____D C:\Users\Zach
2015-10-03 11:03 - 2014-11-23 10:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-03 11:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-03 10:50 - 2014-11-16 21:46 - 02074301 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-03 10:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-03 09:27 - 2013-08-25 12:56 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 08:51 - 2014-02-23 10:07 - 00000000 __RDO C:\Users\Zach\SkyDrive
2015-10-03 08:50 - 2015-08-31 19:42 - 00016056 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-10-03 08:50 - 2015-08-31 19:42 - 00000434 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2015-10-03 08:50 - 2013-08-25 12:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 22:18 - 2013-08-24 14:25 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2188797451-4090431143-4288872003-1001
2015-10-02 21:18 - 2014-12-27 14:42 - 00004676 _____ C:\WINDOWS\setupact.log
2015-10-02 21:18 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 21:17 - 2014-11-23 11:33 - 00021458 _____ C:\WINDOWS\PFRO.log
2015-10-02 19:15 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 18:52 - 2014-11-23 11:42 - 00000000 ____D C:\Users\Zach\AppData\Local\CrashDumps
2015-10-02 18:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 18:07 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 18:00 - 2014-02-20 20:15 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EFDE7583-B6A7-4BD4-8594-A33B4352A836}
2015-10-02 17:56 - 2014-11-01 20:38 - 00000000 ____D C:\Users\Zach\AppData\Local\Component
2015-10-01 07:09 - 2015-02-26 19:27 - 00043600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-09-28 19:42 - 2015-08-31 19:42 - 00000488 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
2015-09-28 19:38 - 2013-08-25 12:56 - 00000000 ____D C:\Users\Zach\AppData\Local\Google
2015-09-25 09:47 - 2014-09-29 13:05 - 00169168 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-09-25 09:47 - 2014-09-29 13:05 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-09-25 09:47 - 2014-09-29 13:05 - 00106880 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-09-25 09:29 - 2013-11-14 03:28 - 00885456 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-25 09:25 - 2013-08-22 10:44 - 00502504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-23 21:40 - 2013-11-14 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-23 21:40 - 2013-08-27 13:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-23 21:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-23 21:04 - 2013-11-19 18:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 06:03 - 2014-11-23 10:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-20 20:22 - 2013-08-25 12:56 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-20 20:22 - 2013-08-25 12:56 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 21:18 - 2013-08-22 11:38 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2013-08-22 11:38 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-08-31 19:28 - 2015-08-31 19:28 - 0008654 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.HTML
2015-08-31 19:28 - 2015-08-31 19:28 - 0046131 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.PNG
2015-08-31 19:28 - 2015-08-31 19:28 - 0004270 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.TXT
2015-08-31 19:28 - 2015-08-31 19:28 - 0000296 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.URL
2015-08-31 19:28 - 2015-08-31 19:28 - 0008654 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.HTML
2015-08-31 19:28 - 2015-08-31 19:28 - 0046131 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.PNG
2015-08-31 19:28 - 2015-08-31 19:28 - 0004270 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.TXT
2015-08-31 19:28 - 2015-08-31 19:28 - 0000296 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.URL
2015-08-31 19:28 - 2015-08-31 19:28 - 0008654 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-08-31 19:28 - 2015-08-31 19:28 - 0046131 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-08-31 19:28 - 2015-08-31 19:28 - 0004270 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-08-31 19:28 - 2015-08-31 19:28 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL

Some files in TEMP:
====================
C:\Users\Zach\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate558986781.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate558990484.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate648338343.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate648341687.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-03 09:35

==================== End of FRST.txt ============================

zfessaras · Oct 3, 2015

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by Zach (2015-10-03 11:09:31)
Running from C:\Users\Zach\Desktop
Windows 8.1 (X64) (2014-02-21 00:03:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2188797451-4090431143-4288872003-500 - Administrator - Disabled)
Guest (S-1-5-21-2188797451-4090431143-4288872003-501 - Administrator - Disabled)
Zach (S-1-5-21-2188797451-4090431143-4288872003-1001 - Administrator - Enabled) => C:\Users\Zach
zach2 (S-1-5-21-2188797451-4090431143-4288872003-1002 - Limited - Enabled) => C:\Users\zach2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
DriverUpdate (HKLM-x32\...\{B6F57EFA-7F52-4349-B7C9-2E6AB01353B7}) (Version: 2.4.2 - SlimWare Utilities, Inc.)
DTS Studio Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft MapPoint North America 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-1111BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
myTV (HKLM-x32\...\{C54184D0-D281-4523-B357-0606209DB56C}) (Version: 3.4.2 - MyTV)
myTV (x32 Version: 3.4.1 - MyTV) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickBooks (x32 Version: 24.0.4001.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
StreetEagle Professional (HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\caefc45ecc4e725a) (Version: 1.0.0.230 - InsightUSA)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.7.63 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.4.7 - Webroot)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

30-08-2015 12:19:26 Scheduled Checkpoint
20-09-2015 20:58:02 Windows Update
23-09-2015 20:26:18 Windows Modules Installer
02-10-2015 18:06:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024280AD-A110-478A-8DAA-B09A154343C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {366F3D58-4044-4BE6-9B1E-DD4C8FC215B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48918F3E-1FE2-4535-9455-4CB1CEAD6CE2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5BB67D78-8D77-475F-BBF3-0A61A3E7E552} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {6C9B9FCC-16B1-4E37-A819-443E7D772D10} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-08-21] (SlimWare Utilities, Inc.)
Task: {6D4665DA-8295-4637-ACF4-E01B9B383355} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {87AD6541-E652-4105-A119-67D005998347} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {947DAED0-DC6E-4667-8707-2FCDF9E52C75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {95F755FB-D2C1-4704-85FB-4719123EE985} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {9E536AFE-EA23-4146-BED3-46BE07B8AD93} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {AC9869C6-0550-4C8B-A199-7A0C35849D84} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {B379FFC9-D32B-41C3-B5AC-5842B098BA1F} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-08-21] (SlimWare Utilities, Inc.)
Task: {F647F9DB-E42D-40E5-9DB8-EAA96F9402D7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-11] (Microsoft Corporation)
Task: {FB37ECEC-392B-4DF2-97BD-4B775FD2701D} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2188797451-4090431143-4288872003-1001

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exeOC:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 22:51 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-09 12:49 - 2013-05-09 12:49 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-09-16 05:36 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-23 09:45 - 2014-11-23 09:45 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-09-23 21:01 - 2015-09-11 19:47 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-10-01 07:28 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-01 07:28 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-07-25 07:38 - 2015-07-25 07:38 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-11-23 09:45 - 2014-11-23 09:45 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Zach\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: pcmaxservice => 2
MSCONFIG\startupreg: 1.TPUReg => "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: Persistence => "C:\WINDOWS\system32\igfxpers.exe"
MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
MSCONFIG\startupreg: TecoResident => C:\Program Files\TOSHIBA\Teco\TecoResident.exe
MSCONFIG\startupreg: TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
HKLM\...\StartupApproved\StartupFolder: => "Marketsplash Print Software.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "BrowserSafeguard"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B3BD8B133B2510FB696C20CDD4A51026"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\Run: => "OutfoxTV"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9E2B443F-96FB-4EED-A2C9-CFFC1A310FCC}] => (Allow) C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{FF5626FA-CD50-4B0C-AC9F-EB2F35C46988}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{334434CE-9137-4B43-A43F-F4B1D31CF5D0}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{FD3A4C42-3EA4-47F2-9D9D-9537E2AC246B}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{32F3E95B-72B9-47CA-AF1A-703684CC5C40}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{425465F1-FE67-44DF-86F7-FF28C08DA131}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{FEA7BBE4-38AC-4E98-AB5F-41E2871DA735}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe
FirewallRules: [UDP Query User{3F1ECC0C-F1DE-4F4C-A77E-DCEE048601A2}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe
FirewallRules: [TCP Query User{5D8B794B-FA4D-4A86-A5FC-1028786CC2F2}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe
FirewallRules: [UDP Query User{7D3878B2-6BED-433B-B445-8C2F15713EE0}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe
FirewallRules: [{647E9DFA-D373-4C4A-BF52-D953B65907C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0D2BE9C-BFF2-4134-B2FF-826A8BD4D39B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6779A083-7E70-4715-9700-925C765FD3B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC20658D-D03A-48AB-90AB-3C8E4187ECFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{654F06DC-6AB7-4FF8-A7C5-B89369BF0076}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{68C1BAD1-A7DE-450A-831B-FE0D586EC48D}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe
FirewallRules: [UDP Query User{148FD3C3-D95D-47F6-BD01-96DCCC5CCC04}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe
FirewallRules: [{57241E71-E5A4-442D-97E8-61BBDF6FCF78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Dell 3333dn
Description: Dell 3333dn
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2015 08:53:51 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (10/03/2015 08:53:51 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (10/02/2015 09:41:13 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (10/02/2015 09:22:35 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (10/02/2015 09:22:35 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (10/02/2015 06:52:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: GWXUI.dll, version: 6.3.9600.17924, time stamp: 0x559590e1
Exception code: 0xc0000005
Fault offset: 0x000000000002cb6d
Faulting process id: 0x1de8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (10/02/2015 06:51:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/02/2015 05:55:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 123458422

Error: (10/02/2015 05:55:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 123458422

Error: (10/02/2015 05:55:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/03/2015 10:43:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/03/2015 10:43:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1070

Error: (10/03/2015 10:43:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Function Discovery Resource Publication service hung on starting.

Error: (10/03/2015 10:42:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1070

Error: (10/03/2015 10:42:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Function Discovery Resource Publication service hung on starting.

Error: (10/03/2015 08:50:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (10/03/2015 08:50:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/03/2015 08:50:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (10/03/2015 08:50:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/02/2015 09:19:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

CodeIntegrity:
===================================
Date: 2013-09-09 22:00:48.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-04 22:29:44.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16296.04 MB
Available physical RAM: 13012.98 MB
Total Virtual: 32680.04 MB
Available Virtual: 29281.25 MB

==================== Drives ================================

Drive c: (TI10667700F) (Fixed) (Total:919.8 GB) (Free:809.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Oct 3, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

You're infected with Cryptowall ransomware.
While we can remove infection itself there is not much we can do about files which are encrypted already as described here: http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Let me know if you want to continue.

zfessaras · Oct 4, 2015

If it is possible to continue, I would like to.

However is it possible to specify which files are encrypted? The only important files on my computer are the quickbooks accounting backups. Otherwise all the rest can be removed.

Broni · Oct 4, 2015

However is it possible to specify which files are encrypted?

You'll know only when you try to access them. There is no other way.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

zfessaras · Oct 4, 2015

The files I wish to save are working properly, however I would like to save them if by any chance they may get infected. Is the best course of action now to clear the infection and wait it out? Or to perhaps transfer them onto USB to prevent further infection?

Anyways, here is the fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Zach (2015-10-04 19:45:09) Run:1
Running from C:\Users\Zach\Desktop
Loaded Profiles: Zach (Available Profiles: Zach & zach2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-08-31] ()
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-08-31] ()
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-08-31] ()
InternetURL: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://ayh2m57ruxjtwyd5.speralreaopio.com/1vdfNY4
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {4EF7D894-962D-4FE9-B127-94A9359D84DB} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {8CB98AD9-02AE-4ECB-823F-052FE7966E2B} URL =
2015-08-31 19:28 - 2015-08-31 19:28 - 0008654 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.HTML
2015-08-31 19:28 - 2015-08-31 19:28 - 0046131 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.PNG
2015-08-31 19:28 - 2015-08-31 19:28 - 0004270 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.TXT
2015-08-31 19:28 - 2015-08-31 19:28 - 0000296 _____ () C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.URL
2015-08-31 19:28 - 2015-08-31 19:28 - 0008654 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.HTML
2015-08-31 19:28 - 2015-08-31 19:28 - 0046131 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.PNG
2015-08-31 19:28 - 2015-08-31 19:28 - 0004270 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.TXT
2015-08-31 19:28 - 2015-08-31 19:28 - 0000296 _____ () C:\Users\Zach\AppData\Local\HELP_DECRYPT.URL
2015-08-31 19:28 - 2015-08-31 19:28 - 0008654 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-08-31 19:28 - 2015-08-31 19:28 - 0046131 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-08-31 19:28 - 2015-08-31 19:28 - 0004270 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-08-31 19:28 - 2015-08-31 19:28 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
C:\Users\Zach\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate558986781.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate558990484.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate648338343.exe
C:\Users\Zach\AppData\Local\Temp\WRupdate648341687.exe
AlternateDataStreams: C:\Users\Zach\SkyDrive:ms-properties

*****************

C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML not found.
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG not found.
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT not found.
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL not found.
"C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML" => File/Folder not found.
"C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG" => File/Folder not found.
"C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT" => File/Folder not found.
"C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E9E29FD-6F65-4274-B66D-6332B4A95C5A}" => key removed successfully
HKCR\CLSID\{4E9E29FD-6F65-4274-B66D-6332B4A95C5A} => key not found.
"HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EF7D894-962D-4FE9-B127-94A9359D84DB}" => key removed successfully
HKCR\CLSID\{4EF7D894-962D-4FE9-B127-94A9359D84DB} => key not found.
"HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CB98AD9-02AE-4ECB-823F-052FE7966E2B}" => key removed successfully
HKCR\CLSID\{8CB98AD9-02AE-4ECB-823F-052FE7966E2B} => key not found.
C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.HTML => moved successfully
C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully
C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully
C:\Users\Zach\AppData\Roaming\HELP_DECRYPT.URL => moved successfully
C:\Users\Zach\AppData\Local\HELP_DECRYPT.HTML => moved successfully
C:\Users\Zach\AppData\Local\HELP_DECRYPT.PNG => moved successfully
C:\Users\Zach\AppData\Local\HELP_DECRYPT.TXT => moved successfully
C:\Users\Zach\AppData\Local\HELP_DECRYPT.URL => moved successfully
C:\ProgramData\HELP_DECRYPT.HTML => moved successfully
C:\ProgramData\HELP_DECRYPT.PNG => moved successfully
C:\ProgramData\HELP_DECRYPT.TXT => moved successfully
C:\ProgramData\HELP_DECRYPT.URL => moved successfully
C:\Users\Zach\AppData\Local\Temp\FoxitUpdater.exe => moved successfully
C:\Users\Zach\AppData\Local\Temp\WRupdate558986781.exe => moved successfully
C:\Users\Zach\AppData\Local\Temp\WRupdate558990484.exe => moved successfully
C:\Users\Zach\AppData\Local\Temp\WRupdate648338343.exe => moved successfully
C:\Users\Zach\AppData\Local\Temp\WRupdate648341687.exe => moved successfully
C:\Users\Zach\SkyDrive => ":ms-properties" ADS removed successfully.

==== End of Fixlog 19:45:11 ====

Broni · Oct 4, 2015

Your files should be safe now so let's continue with cleaning process.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

zfessaras · Oct 6, 2015

I have followed all of your instructions and my PC is running seemingly faster.
Here are the logs below.

RogueKiller V10.10.9.0 [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Zach [Administrator]
Started from : C:\Users\Zach\Desktop\RogueKiller.exe
Mode : Delete -- Date : 10/06/2015 19:35:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2188797451-4090431143-4288872003-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2188797451-4090431143-4288872003-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 168.94.0.14 168.94.0.15 ([UNITED STATES (US)][UNITED STATES (US)]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF50B92A-56BC-45FF-8A7B-47355D05C1A3} | DhcpNameServer : 172.16.3.10 8.8.8.8 ([(Private Address) (XX)][-]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EF50B92A-56BC-45FF-8A7B-47355D05C1A3} | DhcpNameServer : 168.94.0.14 168.94.0.15 ([UNITED STATES (US)][UNITED STATES (US)]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EF50B92A-56BC-45FF-8A7B-47355D05C1A3} | DhcpNameServer : 172.16.3.10 8.8.8.8 ([(Private Address) (XX)][-]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2631680 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2893824 | Size: 941875 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1931853824 | Size: 350 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1932570624 | Size: 10231 MB
User = LL1 ... OK
User = LL2 ... OK

__________________________________________________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/6/2015
Scan Time: 7:37 PM
Logfile: mwb.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.06.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Zach

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457383
Time Elapsed: 8 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

zfessaras · Oct 6, 2015

# AdwCleaner v5.010 - Logfile created 06/10/2015 at 19:48:11
# Updated 04/10/2015 by Xplode
# Database : 2015-10-05.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Zach - ZACH1-PC
# Running from : C:\Users\Zach\Desktop\adwcleaner_5.010.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\Zach\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\Zach\Favorites\StumbleUpon

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\YTDownloader
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\SevereWeatherAlerts
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[!] Key Not Deleted : [x64] HKCU\Software\YTDownloader
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\SevereWeatherAlerts
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule

***** [ Web browsers ] *****

[-] [C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\zach2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\zach2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3339 bytes] ##########

__________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Zach on Tue 10/06/2015 at 19:51:50.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update ConstaSurf

~~~ Files

Successfully deleted: [File] C:\ProgramData\Microsoft\windows\Start Menu\search.lnk

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\reviversoft
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\Zach\Appdata\Local\crashrpt

~~~ Chrome

[C:\Users\Zach\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Zach\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Zach\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Zach\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/06/2015 at 19:53:39.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Oct 6, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

zfessaras · Oct 9, 2015

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Zach (administrator) on ZACH1-PC (09-10-2015 15:47:27)
Running from C:\Users\Zach\Desktop
Loaded Profiles: Zach (Available Profiles: Zach & zach2)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [834032 2015-09-25] (Webroot)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk.disabled [2012-06-19]
ShortcutTarget: Intuit Data Protect.lnk.disabled -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Print Software.lnk.disabled [2012-02-02]
ShortcutTarget: Marketsplash Print Software.lnk.disabled -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled [2012-06-19]
ShortcutTarget: QuickBooks Update Agent.lnk.disabled -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk.disabled [2014-04-04]
ShortcutTarget: QuickBooks_Standard_21.lnk.disabled -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled [2013-07-05]
ShortcutTarget: Secunia PSI Tray.lnk.disabled -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-11-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.disabled [2013-11-19]
ShortcutTarget: Send to OneNote.lnk.disabled -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92FA524C-C5CF-47E3-8186-86D1E642636B}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{92FA524C-C5CF-47E3-8186-86D1E642636B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EF50B92A-56BC-45FF-8A7B-47355D05C1A3}: [DhcpNameServer] 172.16.3.10 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-11] (Oracle Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-09-29] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-10-01] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-11] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-09-29] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-10-01] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-11] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-09-29] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-09-29] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\9mrzoiu9.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2188797451-4090431143-4288872003-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Zach\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-12] (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-22]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-09-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-30]
CHR Extension: (Adblock Plus) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-30]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Webroot Password Manager) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-09-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
S4 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-06-06] (Mozilla Foundation)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-08-19] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-08-19] (Intuit Inc.) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [834032 2015-09-25] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-09-25] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [43600 2015-10-01] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 15:47 - 2015-10-09 15:47 - 00022273 _____ C:\Users\Zach\Desktop\FRST.txt
2015-10-06 21:16 - 2015-10-06 21:17 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Zach\Downloads\SkypeSetup_exe
2015-10-06 19:53 - 2015-10-06 19:53 - 00001614 _____ C:\Users\Zach\Desktop\JRT.txt
2015-10-06 19:50 - 2015-10-06 19:50 - 00003446 _____ C:\Users\Zach\Desktop\AdwCleaner[C1].txt
2015-10-06 19:47 - 2015-10-06 19:48 - 00000000 ____D C:\AdwCleaner
2015-10-06 19:46 - 2015-10-06 19:46 - 00001034 _____ C:\Users\Zach\Desktop\mwb.txt
2015-10-06 19:35 - 2015-10-06 19:35 - 00005124 _____ C:\Users\Zach\Desktop\rk_9EDD.tmp.txt
2015-10-06 19:22 - 2015-10-06 19:23 - 01681920 _____ C:\Users\Zach\Desktop\adwcleaner_5.010.exe
2015-10-06 19:21 - 2015-10-06 19:27 - 18823752 _____ C:\Users\Zach\Desktop\RogueKiller.exe
2015-10-06 19:21 - 2015-10-06 19:23 - 01801288 _____ (Malwarebytes) C:\Users\Zach\Desktop\JRT.exe
2015-10-04 19:45 - 2015-10-09 15:47 - 00000000 ____D C:\Users\Zach\Desktop\FRST-OlderVersion
2015-10-04 19:43 - 2015-10-04 19:43 - 00002939 _____ C:\Users\Zach\Downloads\fixlist.txt
2015-10-03 11:50 - 2015-10-03 11:52 - 01675766 _____ C:\Users\Zach\Downloads\DEVELOPMENT.dwg
2015-10-03 11:09 - 2015-10-03 11:09 - 00032541 _____ C:\Users\Zach\Desktop\Addition.txt
2015-10-03 11:08 - 2015-10-09 15:47 - 00000000 ____D C:\FRST
2015-10-03 11:07 - 2015-10-09 15:47 - 02194944 _____ (Farbar) C:\Users\Zach\Desktop\FRST64.exe
2015-10-03 11:04 - 2015-10-03 11:31 - 00000000 ____D C:\Users\Zach\Desktop\All Files
2015-10-03 11:03 - 2015-10-03 11:07 - 02193408 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2015-09-23 21:08 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-23 21:08 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-23 21:08 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-23 21:08 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-23 05:39 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-23 05:39 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-23 05:39 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-23 05:39 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-23 05:39 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-23 05:39 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-23 05:39 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-23 05:39 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-23 05:39 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-23 05:39 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-23 05:39 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-23 05:39 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-23 05:39 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-23 05:39 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-23 05:39 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-23 05:39 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-23 05:39 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-23 05:39 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-23 05:39 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-23 05:39 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-23 05:39 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-23 05:39 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-23 05:39 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-23 05:39 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-23 05:39 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-23 05:39 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-23 05:39 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-23 05:39 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-23 05:39 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-21 19:45 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-21 19:45 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-21 19:45 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-21 19:45 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-21 19:45 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-21 19:45 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-21 19:45 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-21 19:45 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-21 19:45 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-21 19:45 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-21 19:45 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-21 19:45 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-21 19:45 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-21 19:45 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-21 19:39 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-21 19:39 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-21 19:39 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-21 19:39 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-21 19:39 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-21 19:39 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-21 19:39 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-21 19:39 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-21 19:39 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-21 19:39 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-21 19:39 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-21 19:39 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-21 19:39 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-21 19:33 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-21 19:33 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-21 19:33 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-21 19:33 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-21 19:33 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-21 19:33 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-21 19:33 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-21 19:33 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-20 20:17 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-20 20:17 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-20 20:17 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-20 20:17 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-20 20:17 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-20 20:17 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-20 20:15 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-20 20:15 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-20 20:15 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-20 20:15 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-20 20:15 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 15:47 - 2014-09-29 12:52 - 00000000 ____D C:\ProgramData\WRData
2015-10-09 15:44 - 2014-11-16 21:46 - 01724654 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-09 15:44 - 2014-02-20 20:15 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EFDE7583-B6A7-4BD4-8594-A33B4352A836}
2015-10-09 15:42 - 2014-02-23 10:07 - 00000000 __RDO C:\Users\Zach\SkyDrive
2015-10-09 15:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-09 15:41 - 2013-08-25 12:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 19:27 - 2013-08-25 12:56 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 07:03 - 2014-11-23 10:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-07 06:44 - 2013-08-24 14:25 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2188797451-4090431143-4288872003-1001
2015-10-06 19:49 - 2014-12-27 14:42 - 00004830 _____ C:\WINDOWS\setupact.log
2015-10-06 19:49 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-06 19:48 - 2014-11-23 11:33 - 00034414 _____ C:\WINDOWS\PFRO.log
2015-10-06 19:48 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-06 19:48 - 2012-01-06 13:21 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-06 19:37 - 2014-11-02 16:55 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-06 19:35 - 2014-11-03 19:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-06 19:28 - 2014-11-03 19:48 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-06 19:07 - 2015-04-19 18:03 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 20:24 - 2013-08-24 14:16 - 00000000 ____D C:\Users\Zach\AppData\Local\Packages
2015-10-05 19:59 - 2015-04-19 18:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-05 19:59 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-03 12:11 - 2015-04-20 20:43 - 00000352 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD RW Drive (E).lnk
2015-10-03 12:11 - 2014-12-27 15:13 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-03 12:11 - 2014-11-23 10:40 - 00002235 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geek Squad Online Support.lnk
2015-10-03 12:11 - 2014-02-20 20:03 - 00001030 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-03 12:11 - 2014-02-18 13:42 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-03 12:11 - 2013-12-09 09:49 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft MapPoint North America 2010.lnk
2015-10-03 12:11 - 2013-09-07 07:13 - 00000291 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2015-10-03 12:11 - 2013-07-29 06:59 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
2015-10-03 12:11 - 2013-07-05 10:49 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-10-03 12:11 - 2013-05-06 03:02 - 00002051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Registration.lnk
2015-10-03 12:11 - 2012-03-12 18:42 - 00001036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-03 12:11 - 2012-02-02 08:24 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-03 12:11 - 2011-03-12 13:37 - 00001456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-10-03 12:11 - 2011-03-12 13:37 - 00001372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-10-03 12:11 - 2011-03-12 13:37 - 00001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-10-03 12:11 - 2011-03-12 13:36 - 00002484 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-03 12:10 - 2014-11-02 16:55 - 00001089 _____ C:\Users\Zach\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-03 12:10 - 2014-11-01 20:37 - 00002090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
2015-10-03 12:10 - 2014-11-01 20:37 - 00002090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Amazon.lnk
2015-10-03 12:10 - 2013-08-21 15:08 - 00000784 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2015-10-03 12:10 - 2013-07-29 07:01 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2015-10-03 12:10 - 2012-01-04 16:48 - 00001876 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2015-10-03 11:45 - 2014-11-02 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-03 11:45 - 2014-11-02 16:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-03 11:06 - 2014-02-18 13:38 - 00000000 ____D C:\Users\Zach
2015-10-03 10:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 18:52 - 2014-11-23 11:42 - 00000000 ____D C:\Users\Zach\AppData\Local\CrashDumps
2015-10-02 18:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 17:56 - 2014-11-01 20:38 - 00000000 ____D C:\Users\Zach\AppData\Local\Component
2015-10-01 07:09 - 2015-02-26 19:27 - 00043600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-09-28 19:38 - 2013-08-25 12:56 - 00000000 ____D C:\Users\Zach\AppData\Local\Google
2015-09-25 09:47 - 2014-09-29 13:05 - 00169168 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-09-25 09:47 - 2014-09-29 13:05 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-09-25 09:47 - 2014-09-29 13:05 - 00106880 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-09-25 09:29 - 2013-11-14 03:28 - 00885456 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-25 09:25 - 2013-08-22 10:44 - 00502504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-23 21:40 - 2013-11-14 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-23 21:40 - 2013-08-27 13:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-23 21:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-23 21:04 - 2013-11-19 18:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 06:03 - 2014-11-23 10:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-20 20:22 - 2013-08-25 12:56 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-20 20:22 - 2013-08-25 12:56 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 21:18 - 2013-08-22 11:38 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2013-08-22 11:38 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
C:\Users\Zach\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Zach\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-06 20:00

==================== End of FRST.txt ============================

zfessaras · Oct 9, 2015

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Zach (2015-10-09 15:48:20)
Running from C:\Users\Zach\Desktop
Windows 8.1 (X64) (2014-02-21 00:03:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2188797451-4090431143-4288872003-500 - Administrator - Disabled)
Guest (S-1-5-21-2188797451-4090431143-4288872003-501 - Administrator - Disabled)
Zach (S-1-5-21-2188797451-4090431143-4288872003-1001 - Administrator - Enabled) => C:\Users\Zach
zach2 (S-1-5-21-2188797451-4090431143-4288872003-1002 - Limited - Enabled) => C:\Users\zach2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
DriverUpdate (HKLM-x32\...\{B6F57EFA-7F52-4349-B7C9-2E6AB01353B7}) (Version: 2.4.2 - SlimWare Utilities, Inc.)
DTS Studio Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft MapPoint North America 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-1111BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
myTV (HKLM-x32\...\{C54184D0-D281-4523-B357-0606209DB56C}) (Version: 3.4.2 - MyTV)
myTV (x32 Version: 3.4.1 - MyTV) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickBooks (x32 Version: 24.0.4001.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
StreetEagle Professional (HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\caefc45ecc4e725a) (Version: 1.0.0.230 - InsightUSA)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.7.63 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.4.7 - Webroot)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

20-09-2015 20:58:02 Windows Update
23-09-2015 20:26:18 Windows Modules Installer
02-10-2015 18:06:31 Windows Update
05-10-2015 19:59:21 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024280AD-A110-478A-8DAA-B09A154343C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {366F3D58-4044-4BE6-9B1E-DD4C8FC215B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48918F3E-1FE2-4535-9455-4CB1CEAD6CE2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5BB67D78-8D77-475F-BBF3-0A61A3E7E552} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {6D4665DA-8295-4637-ACF4-E01B9B383355} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {87AD6541-E652-4105-A119-67D005998347} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {947DAED0-DC6E-4667-8707-2FCDF9E52C75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {95F755FB-D2C1-4704-85FB-4719123EE985} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {AC9869C6-0550-4C8B-A199-7A0C35849D84} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {F647F9DB-E42D-40E5-9DB8-EAA96F9402D7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-11] (Microsoft Corporation)
Task: {FB37ECEC-392B-4DF2-97BD-4B775FD2701D} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2188797451-4090431143-4288872003-1001

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exeOC:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-24 22:51 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-16 05:36 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-01 07:28 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-01 07:28 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-01 07:28 - 2015-09-23 22:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Zach\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: pcmaxservice => 2
MSCONFIG\startupreg: 1.TPUReg => "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: Persistence => "C:\WINDOWS\system32\igfxpers.exe"
MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
MSCONFIG\startupreg: TecoResident => C:\Program Files\TOSHIBA\Teco\TecoResident.exe
MSCONFIG\startupreg: TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
HKLM\...\StartupApproved\StartupFolder: => "Marketsplash Print Software.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "BrowserSafeguard"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B3BD8B133B2510FB696C20CDD4A51026"
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\...\StartupApproved\Run: => "OutfoxTV"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9E2B443F-96FB-4EED-A2C9-CFFC1A310FCC}] => (Allow) C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{FF5626FA-CD50-4B0C-AC9F-EB2F35C46988}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{334434CE-9137-4B43-A43F-F4B1D31CF5D0}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{FD3A4C42-3EA4-47F2-9D9D-9537E2AC246B}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{32F3E95B-72B9-47CA-AF1A-703684CC5C40}] => (Allow) C:\Program Files (x86)\myTV\myTV.exe
FirewallRules: [{425465F1-FE67-44DF-86F7-FF28C08DA131}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{FEA7BBE4-38AC-4E98-AB5F-41E2871DA735}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe
FirewallRules: [UDP Query User{3F1ECC0C-F1DE-4F4C-A77E-DCEE048601A2}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_85b8c7b2cbc08817\streeteagle professional.exe
FirewallRules: [TCP Query User{5D8B794B-FA4D-4A86-A5FC-1028786CC2F2}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe
FirewallRules: [UDP Query User{7D3878B2-6BED-433B-B445-8C2F15713EE0}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_76f0ab5861ecae57\streeteagle professional.exe
FirewallRules: [{647E9DFA-D373-4C4A-BF52-D953B65907C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0D2BE9C-BFF2-4134-B2FF-826A8BD4D39B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6779A083-7E70-4715-9700-925C765FD3B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC20658D-D03A-48AB-90AB-3C8E4187ECFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{654F06DC-6AB7-4FF8-A7C5-B89369BF0076}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{68C1BAD1-A7DE-450A-831B-FE0D586EC48D}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe
FirewallRules: [UDP Query User{148FD3C3-D95D-47F6-BD01-96DCCC5CCC04}C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe] => (Allow) C:\users\zach\appdata\local\apps\2.0\jvlypzm0.7ke\ran9begr.akr\stre..tion_0000000000000000_0001.0000_fcf7c9f8136c7997\streeteagle professional.exe
FirewallRules: [{57241E71-E5A4-442D-97E8-61BBDF6FCF78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Dell 3333dn
Description: Dell 3333dn
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2015 03:44:21 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (10/09/2015 03:44:21 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (10/09/2015 03:40:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/07/2015 07:15:11 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (10/07/2015 07:15:11 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (10/07/2015 06:36:39 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (10/07/2015 06:36:39 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (10/06/2015 09:09:50 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (10/06/2015 09:09:50 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (10/06/2015 07:52:53 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

System errors:
=============
Error: (10/09/2015 03:41:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (10/09/2015 03:41:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/07/2015 07:12:54 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TONYTHEODOREPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{92FA524C-C5CF-47E3-8186-86D1E642636B}.
The master browser is stopping or an election is being forced.

Error: (10/07/2015 07:12:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (10/07/2015 07:12:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/07/2015 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (10/07/2015 07:11:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/07/2015 06:33:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (10/07/2015 06:33:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (10/06/2015 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

CodeIntegrity:
===================================
Date: 2013-09-09 22:00:48.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-04 22:29:44.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16296.04 MB
Available physical RAM: 13417.12 MB
Total Virtual: 32680.04 MB
Available Virtual: 29712.23 MB

==================== Drives ================================

Drive c: (TI10667700F) (Fixed) (Total:919.8 GB) (Free:809.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Oct 9, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

zfessaras · Oct 10, 2015

So I attempted to run FRST, and it says it was updating, however after some time the window closed and I could no longer find it on my computer (deleted from desktop).

I re-downloaded it and followed the steps as you instructed.

Fix result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Zach (2015-10-10 11:48:36) Run:2
Running from C:\Users\Zach\Desktop
Loaded Profiles: Zach (Available Profiles: Zach & zach2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> DefaultScope {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
SearchScopes: HKU\S-1-5-21-2188797451-4090431143-4288872003-1001 -> {4E9E29FD-6F65-4274-B66D-6332B4A95C5A} URL =
C:\Users\Zach\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Zach\AppData\Local\Temp\sqlite3.dll

*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2188797451-4090431143-4288872003-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E9E29FD-6F65-4274-B66D-6332B4A95C5A}" => key removed successfully
HKCR\CLSID\{4E9E29FD-6F65-4274-B66D-6332B4A95C5A} => key not found.
C:\Users\Zach\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Zach\AppData\Local\Temp\sqlite3.dll => moved successfully

==== End of Fixlog 11:48:37 ====

Broni · Oct 10, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

zfessaras · Oct 14, 2015

Apologies for the long wait, here is the security scan below.

Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Webroot SecureAnywhere
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.185
Mozilla Firefox 30.0 Firefox out of Date!
Google Chrome (45.0.2454.101)
Google Chrome (45.0.2454.99)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

zfessaras · Oct 14, 2015

FSS.txt

Farbar Service Scanner Version: 26-07-2015
Ran by Zach (administrator) on 14-10-2015 at 20:42:15
Running from "C:\Users\Zach\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Broni · Oct 15, 2015

Sophos?

zfessaras · Oct 19, 2015

I am so very sorry for the long wait.

I was able to run all the scans except for the Sophos security scan, all because lately I have been unable to access the internet efficiently.

It has taken me 2 hours to load this website, and even more time to try to download Sophos. I have not used this computer at all over these past weeks except to get on this website in order to resolve the issue.

If it helps, on Google Chrome in particular, the internet program I use, is unbearably slow, and I get errors about the flash plugins.

Broni · Oct 19, 2015

Is Firefox as slow as Chrome?

Broni · Oct 24, 2015

Still with me?

Broni · Oct 29, 2015

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.

Inactive-A Unresponsive computer

Posts: 12 +0

Posts: 12 +0

Posts: 56,041 +516

Posts: 12 +0

Posts: 56,041 +516

Attachments

Posts: 12 +0

Posts: 56,041 +516

Posts: 12 +0

Posts: 12 +0

Posts: 56,041 +516

Posts: 12 +0

Posts: 12 +0

Posts: 56,041 +516

Attachments

Posts: 12 +0

Posts: 56,041 +516

Posts: 12 +0

Posts: 12 +0

Posts: 56,041 +516

Posts: 12 +0

Posts: 56,041 +516

Posts: 56,041 +516

Posts: 56,041 +516

Similar threads