In Progress Help! DoS Attacks, Admin Login Failures, WLAN access...


SydneyMarie1395 (Sydney), Thread Starter. Joined Mar 19, 2016. Messages: 2
Okay, so this starts a few days ago when lightning hit the electric company's cords coming to my home. It destroyed a cable box, a tower, a monitor, our modem, and our router. We've thankfully got everything back up and running with an old laptop that was laying around. Unfortunately, I'm not very well versed in the router world. We bought a brand new NetGear router and it's lovely, however I found something called logs and now I'm terrified that I have some sort of Trojan running rampant on my computer. Please help.
Using:
Windows 8.1
Toshiba Satellite C55D-A
 


dbreeze (David), Malware Specialist. Joined Oct 5, 2014. Messages: 431
Hi SydneyMarie1395,

Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

    - Save ALL Tools to your Desktop-
    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started....

Tech Support Guy asks that you supply the scan from this post; the TSG SysInfo utility is available here ----> Everyone MUST read this BEFORE posting for help in this forum.

Next,

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Only one of these files will run on your system; that is the correct one. You can delete the other.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

SydneyMarie1395 (Sydney), Thread Starter. Joined Mar 19, 2016. Messages: 2
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Jo (administrator) on LARSENHOME (20-03-2016 18:56:35)
Running from C:\Users\Sydney\Desktop
Loaded Profiles: Jo (Available Profiles: Jo & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-17] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [318_23557551817683] => C:\Users\Sydney\AppData\Local\LMIR0001.tmp_r.bat [360 2016-03-18] ()
HKLM\...\RunOnce: [318_23536001817683] => C:\Users\Sydney\AppData\Local\LMIR0002.tmp_r.bat [360 2016-03-18] ()
HKU\S-1-5-21-2601168658-3723079334-9058429-1001\...\MountPoints2: {ca03737b-6c3d-11e3-8254-806e6f6e6963} - "D:\Setup.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B861535B-CBF9-4A86-B0CD-78905D5F3111}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F0D79DB1-0022-4D81-9F71-8924A154BE46}: [DhcpNameServer] 72.28.1.20 72.28.1.18 72.28.1.17

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2601168658-3723079334-9058429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2601168658-3723079334-9058429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2601168658-3723079334-9058429-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2601168658-3723079334-9058429-1001 -> DefaultScope {75130C6B-A9CC-453C-BA1F-AF6CFB19E370} URL =
SearchScopes: HKU\S-1-5-21-2601168658-3723079334-9058429-1001 -> {75130C6B-A9CC-453C-BA1F-AF6CFB19E370} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-10] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-17] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-10] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-25] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR StartupUrls: Profile 3 -> "hxxp://www.msn.com/"
CHR Profile: C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-19]
CHR Extension: (Google Slides) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Floorplanner) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2015-06-18]
CHR Extension: (Entanglement Web App) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-18]
CHR Extension: (Bejeweled) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-06-18]
CHR Extension: (Google Docs) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Google Drive) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Ribbet Photo Editor) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2015-08-05]
CHR Extension: (YouTube) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Facebook) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-06-18]
CHR Extension: (Adblock Plus) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-24]
CHR Extension: (Mancala) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2015-06-18]
CHR Extension: (Adblock for Youtube™) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-10-25]
CHR Extension: (Google Search) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Stardoll) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkaepijclibocpmckgabmkoglbgmlk [2015-06-18]
CHR Extension: (Google+) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-06-18]
CHR Extension: (Google Calendar) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-17]
CHR Extension: (Avast SafePrice) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-01]
CHR Extension: (PanicButton) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-06-18]
CHR Extension: (Button for Pinterest™) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl [2015-11-20]
CHR Extension: (Google Sheets) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (PicMonkey) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2015-06-18]
CHR Extension: (XKit) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-11-02]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-06-18]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2015-06-18]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-11-19]
CHR Extension: (Sketchpad 3.5) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2015-10-17]
CHR Extension: (Little Alchemy) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-06-18]
CHR Extension: (Odin) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfnmidjjkbkodpmmmppmmmlbddnandp [2015-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (AdBlock Pro) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-11-12]
CHR Extension: (My Chrome Theme) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]
CHR Extension: (Lookout) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiefnfaafnkeiojgkpephegakjpplke [2015-06-18]
CHR Extension: (Gmail) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR Profile: C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-20]
CHR Extension: (Floorplanner) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abopacaefhbognnmeigicfpgnmpideag [2015-11-20]
CHR Extension: (Bejeweled) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-11-20]
CHR Extension: (Google Docs) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-20]
CHR Extension: (Google Drive) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-20]
CHR Extension: (YouTube) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-20]
CHR Extension: (Facebook) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-11-20]
CHR Extension: (Adblock for Youtube™) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-11-20]
CHR Extension: (Google Search) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (Stardoll) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkaepijclibocpmckgabmkoglbgmlk [2015-11-20]
CHR Extension: (Google+) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-11-20]
CHR Extension: (Google Calendar) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-20]
CHR Extension: (Avast SafePrice) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-20]
CHR Extension: (PanicButton) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-11-20]
CHR Extension: (Button for Pinterest™) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl [2015-11-20]
CHR Extension: (Google Sheets) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-20]
CHR Extension: (PicMonkey) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2015-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Avast Online Security) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-20]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-11-20]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2015-11-20]
CHR Extension: (Little Alchemy) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
CHR Extension: (AdBlock Pro) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-11-20]
CHR Extension: (My Chrome Theme) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-11-20]
CHR Extension: (Lookout) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oeiefnfaafnkeiojgkpephegakjpplke [2015-11-20]
CHR Extension: (Gmail) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-20]
CHR Profile: C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Profile: C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-17]
CHR Extension: (Google Drive) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-17]
CHR Extension: (YouTube) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-17]
CHR Extension: (Google Search) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-17]
CHR Extension: (Avast SafePrice) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-17]
CHR Extension: (Google Sheets) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-10]
CHR Extension: (Cute Pixel Pastel Easter Egg Chrome Theme) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\moghnphckegpabpoaenlpppcdiglijdk [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-10]
CHR Extension: (Gmail) - C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-08-23] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 18:56 - 2016-03-20 18:57 - 00026528 _____ C:\Users\Sydney\Desktop\FRST.txt
2016-03-20 18:55 - 2016-03-20 18:56 - 00000000 ____D C:\FRST
2016-03-20 18:54 - 2016-03-20 18:54 - 02374144 _____ (Farbar) C:\Users\Sydney\Desktop\FRST64.exe
2016-03-20 18:54 - 2016-03-20 18:54 - 01725440 _____ (Farbar) C:\Users\Sydney\Desktop\FRST.exe
2016-03-18 23:47 - 2016-03-18 23:47 - 00000360 _____ C:\Users\Sydney\AppData\Local\LMIR0002.tmp_r.bat
2016-03-18 23:07 - 2016-03-18 23:07 - 00000360 _____ C:\Users\Sydney\AppData\Local\LMIR0001.tmp_r.bat
2016-03-18 22:58 - 2016-03-18 23:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - a921182a-60c6-4888-b01f-1b910c495de1
2016-03-18 22:58 - 2016-03-18 22:58 - 00000248 _____ C:\rescue.info
2016-03-18 22:57 - 2016-03-18 23:47 - 00000000 ____D C:\Users\Sydney\AppData\Local\LogMeIn Rescue Applet
2016-03-18 22:54 - 2016-03-18 22:54 - 00003580 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP DeskJet 3630 series
2016-03-18 22:54 - 2016-03-18 22:54 - 00002243 _____ C:\Users\Public\Desktop\HP DeskJet 3630 series.lnk
2016-03-18 22:54 - 2016-03-18 22:54 - 00001190 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 3630 series.lnk
2016-03-18 22:54 - 2016-03-18 22:54 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-03-18 22:54 - 2015-04-09 02:32 - 00803848 ____N (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPME311.dll
2016-03-18 00:19 - 2016-03-08 03:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-18 00:19 - 2016-03-08 03:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-17 23:55 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-17 23:55 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-17 23:54 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-17 23:54 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-17 23:54 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-17 23:54 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-17 23:54 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-17 23:54 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-17 23:54 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-17 23:54 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-17 23:54 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-17 23:54 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-17 23:54 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-17 23:54 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-17 23:54 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-17 23:54 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-17 23:54 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-17 23:54 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-17 23:54 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-17 23:54 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-17 23:54 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-17 23:54 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-17 23:54 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-17 23:54 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-17 23:54 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-17 23:54 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-17 23:54 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-17 23:54 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-17 23:54 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-17 23:54 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-17 23:53 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-17 23:53 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-17 23:53 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-17 23:53 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-17 23:52 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-17 23:52 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-17 23:52 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-17 23:52 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-17 05:49 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-17 05:49 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-17 05:49 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-17 05:49 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-17 05:49 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-17 02:17 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-17 02:14 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-17 02:14 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-17 02:14 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-17 02:14 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-17 02:14 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-17 02:14 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-17 02:12 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-17 02:11 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 18:41 - 2013-12-23 22:37 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-19 20:41 - 2013-12-23 22:37 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-19 00:08 - 2015-04-25 11:10 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2601168658-3723079334-9058429-1001
2016-03-18 22:54 - 2015-07-05 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-03-18 22:54 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-18 22:53 - 2015-07-05 21:12 - 00000000 ____D C:\ProgramData\HP
2016-03-18 22:53 - 2015-07-05 21:12 - 00000000 ____D C:\Program Files\HP
2016-03-18 22:53 - 2015-07-05 21:12 - 00000000 ____D C:\Program Files (x86)\HP
2016-03-18 22:52 - 2015-07-05 21:10 - 00000000 ____D C:\Users\Sydney\AppData\Local\HP
2016-03-18 06:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-18 00:25 - 2013-11-05 03:48 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-18 00:18 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-18 00:17 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-18 00:00 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-17 11:48 - 2015-06-18 18:37 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-17 11:48 - 2015-06-18 18:37 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-17 11:44 - 2013-12-23 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-17 10:48 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-17 10:45 - 2015-06-18 20:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-17 10:30 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-17 10:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-17 03:25 - 2015-06-20 21:01 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-03-17 03:25 - 2015-06-20 20:58 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-03-17 03:05 - 2015-06-20 21:01 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-03-17 02:58 - 2015-06-20 21:02 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-17 02:20 - 2013-08-22 10:44 - 00482672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-19 05:46 - 2014-04-25 22:07 - 00000000 ____D C:\Users\Sydney\AppData\Local\Packages
2016-02-19 05:44 - 2015-06-24 23:38 - 00000000 ____D C:\Users\Sydney\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2016-03-18 23:07 - 2016-03-18 23:07 - 0000360 _____ () C:\Users\Sydney\AppData\Local\LMIR0001.tmp_r.bat
2016-03-18 23:47 - 2016-03-18 23:47 - 0000360 _____ () C:\Users\Sydney\AppData\Local\LMIR0002.tmp_r.bat
2015-07-05 21:11 - 2015-07-05 21:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-12-23 22:05 - 2013-12-23 22:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Sydney\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-17 02:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jo (2016-03-20 18:58:50)
Running from C:\Users\Sydney\Desktop
Windows 8.1 (X64) (2015-04-25 14:43:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2601168658-3723079334-9058429-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2601168658-3723079334-9058429-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2601168658-3723079334-9058429-1003 - Limited - Enabled)
Jo (S-1-5-21-2601168658-3723079334-9058429-1001 - Administrator - Enabled) => C:\Users\Sydney

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP DeskJet 3630 series Basic Device Software (HKLM\...\{82088106-8F3E-4C76-A919-607CB9BA02AE}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{11AF0CB4-0708-4DDF-BB66-FC8CF90E3425}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04711360-C986-4FE6-BB18-1DFDB8884344} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-17] (AVAST Software)
Task: {1E87269B-4F25-4A90-BE2F-8AE0230361EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3DB69EC4-D55F-4D40-BBD0-26CB86F654A5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {4CD2DD1F-6FC3-4293-882F-192A14587B15} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {5AE8FAC0-7A5E-4E80-9482-9D63A3468916} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {5D25C840-EE5A-4F5F-9035-0E2A8618E75B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5DFA541A-5460-4B2F-AECC-05B4F9697DB8} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {841E9708-E4E5-444A-ABC3-E3E67E3D7734} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {89BEC733-D2AD-4CC7-BBB2-459B8CA48BA4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {8DF99C0D-5542-429D-8CF6-4CEABC920C81} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-10] (AVAST Software)
Task: {A1FC49A1-4F71-4521-B115-C31B246B342C} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {BCA2C6E2-F4A0-467B-9C57-3A430C43378A} - System32\Tasks\SafeZone scheduled Autoupdate 1455156811 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {D58B4364-D83E-4846-ABAD-0E2A54DE1E00} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {E2598C22-037E-41EC-89BA-B51D714DE2C9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-17] (Microsoft Corporation)
Task: {E9F7CD05-EDA1-474E-82A6-0D2563469FD7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {EE040EE1-A54F-4456-A872-FCDB7871F307} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {F0D3157E-9FB8-4B98-AC33-7F22C9EB7D71} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {F62F3F72-6FFE-48A8-9911-4D551AEEA1EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 23:47 - 2013-08-30 23:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-08-25 19:52 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 16:54 - 2013-09-10 16:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-10-28 16:50 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2013-08-30 23:47 - 2013-08-30 23:47 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2016-02-10 21:49 - 2016-02-10 21:49 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-10 21:49 - 2016-02-10 21:49 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-17 18:32 - 2016-03-17 18:32 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16031702\algo.dll
2016-02-10 21:49 - 2016-02-10 21:49 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-20 14:55 - 2016-03-20 14:55 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16032001\algo.dll
2016-03-20 18:56 - 2016-03-20 18:56 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16032002\algo.dll
2016-02-10 21:50 - 2016-02-10 21:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-19 02:06 - 2016-03-19 02:06 - 00098816 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32api.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00110080 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\pywintypes27.dll
2016-03-19 02:06 - 2016-03-19 02:06 - 00364544 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\pythoncom27.dll
2016-03-19 02:06 - 2016-03-19 02:06 - 00320512 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32com.shell.shell.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00776704 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_hashlib.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 01176576 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._core_.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00806400 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._gdi_.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00816128 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._windows_.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 01067008 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._controls_.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00733184 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._misc_.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00682496 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\pysqlite2._sqlite.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00088064 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_ctypes.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00119808 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32file.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00108544 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32security.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00007168 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\hashobjs_ext.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00017920 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\thumbnails_ext.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00088064 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\usb_ext.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00167936 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32gui.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00018432 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32event.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00046080 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_socket.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 01208320 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_ssl.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00128512 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_elementtree.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00127488 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\pyexpat.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00013824 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\common.time34.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00038912 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32inet.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00036864 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_psutil_windows.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00525208 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\windows._lib_cacheinvalidation.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00011264 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32crypt.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00077312 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._html2.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00027136 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_multiprocessing.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00020480 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\_yappi.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00035840 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32process.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00686080 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\unicodedata.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00078848 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._animate.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00123392 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\wx._wizard.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00024064 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32pipe.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00010240 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\select.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00025600 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32pdh.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00017408 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32profile.pyd
2016-03-19 02:06 - 2016-03-19 02:06 - 00022528 _____ () C:\Users\Sydney\AppData\Local\Temp\_MEI58442\win32ts.pyd
2015-10-28 16:50 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-03-17 11:48 - 2016-03-07 22:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-17 11:48 - 2016-03-07 22:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-17 03:47 - 2016-03-08 13:16 - 17541312 _____ () C:\Users\Sydney\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2601168658-3723079334-9058429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2601168658-3723079334-9058429-1001\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C3AFBF92-A6D8-4D1D-9A9D-58DA5E75D822}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{3B3DB4C7-43E4-48CA-9F9E-572435453CE9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{64BAD3EA-1B70-448F-B6C3-D5DAC4AADBDA}] => (Allow) LPort=2869
FirewallRules: [{ACEC8BFB-BC90-40A5-81E5-133A55048D64}] => (Allow) LPort=1900
FirewallRules: [{F20C036D-3C2A-46E5-846F-263320BE5AAC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{7B822C2C-78D5-4B7A-B626-D0CEE28AFBC9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{ABD4F51C-361E-43E7-AEC1-C6C5E9AA63CF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BE59FD77-2AF2-4505-9E68-E22EE0A5AD3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B3F9DB3E-F3C6-4DD6-B3DD-6CF598C9FF11}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C4B976D8-4B4C-4563-BF42-8A4CAF2EA405}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{959B52B2-42C0-4F50-AF5E-2B09159F64F8}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6D471B43-39B1-4045-8BA6-C9278D40AC0C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{C5A032DB-E8E2-4D4C-A304-F4F623105EB6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{D30C4936-17D2-475A-9E43-2D478B65DB80}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DD10ED2D-E3DE-4D7D-93B7-9A135D99B31A}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{DDB035FD-55F7-4A46-BC13-BE22A3DA57C9}] => (Allow) LPort=5357
FirewallRules: [{3E7DEE1F-D254-4D52-B3CF-BA24C5B8A12C}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

17-03-2016 02:10:27 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2016 08:53:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd8

Start Time: 01d182a6bf86b395

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: b71a1a89-ee9a-11e5-8290-008cfaa3c385

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (03/20/2016 08:38:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1af8

Start Time: 01d182a4a71545eb

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 9bbe69b8-ee98-11e5-8290-008cfaa3c385

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (03/20/2016 08:23:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fe8

Start Time: 01d182a28eaaff70

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 8324756d-ee96-11e5-8290-008cfaa3c385

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (03/20/2016 03:33:27 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/19/2016 07:04:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (03/19/2016 03:44:31 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2016 05:38:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 66c

Start Time: 01d180f92c257669

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 20d823b5-eced-11e5-8290-008cfaa3c385

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (03/18/2016 05:29:29 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2016 12:22:18 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (03/17/2016 10:26:31 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)


System errors:
=============
Error: (03/20/2016 03:34:16 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/20/2016 03:33:46 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/19/2016 03:45:23 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/19/2016 03:44:53 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/18/2016 05:30:16 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/18/2016 05:29:46 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/17/2016 09:41:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (03/17/2016 06:07:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (03/17/2016 02:57:42 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/17/2016 02:57:12 AM) (Source: DCOM) (EventID: 10010) (User: LARSENHOME)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


==================== Memory info ===========================

Processor: AMD E2-3800 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 55%
Total physical RAM: 3534.26 MB
Available physical RAM: 1569.38 MB
Total Virtual: 7246.26 MB
Available Virtual: 3880.59 MB

==================== Drives ================================

Drive c: (TI10684500B) (Fixed) (Total:456.21 GB) (Free:405.27 GB) NTFS
Drive d: (HP DJ3630) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

dbreeze

I have checked your logs and they are clean; no malware present in the logs. As to the router log image and the DoS entries, those are nothing to be too concerned about. The DoS attack is originating from outside your home network and is being blocked (and logged) by your router's firewall. If you notice that it is the same IP address attacking you for some time, then you may want to report that address to your ISP so they can block the IP address globally on the ISP's network. (Most likely in that case, you will not be the only one reporting it.)
 