Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Elisha (administrator) on ELISHA on 19-01-2015 22:41:24
Running from C:\Users\Elisha\Desktop
Loaded Profiles: Elisha (Available profiles: Elisha)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5792584 2014-04-21] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-01-19]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Hatsune Miku Theme9) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcapoelehikcajegemncolnibideepep [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-01-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-24] () [File not signed]
S2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-24] (Advanced Micro Devices, Inc.) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
S2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-28] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150119.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150119.003\ENG64.SYS [129752 2014-12-28] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150119.003\EX64.SYS [2137304 2014-12-28] (Symantec Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-26] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-29] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 22:41 - 2015-01-19 22:42 - 00015067 _____ () C:\Users\Elisha\Desktop\FRST.txt
2015-01-19 19:57 - 2015-01-19 19:57 - 01115648 _____ (Farbar) C:\Users\Elisha\Downloads\frst.exe
2015-01-19 13:55 - 2015-01-19 13:55 - 00000000 ___RD () C:\Users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-17 19:01 - 2015-01-17 19:01 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Elisha\Downloads\tdsskiller.exe
2015-01-17 16:44 - 2015-01-17 16:44 - 00000000 ____D () C:\Users\Elisha\Desktop\mbar
2015-01-17 16:43 - 2015-01-17 16:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Elisha\Downloads\mbar-1.08.2.1001.exe
2015-01-14 17:55 - 2015-01-14 17:55 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\PCDr
2015-01-14 17:54 - 2015-01-14 17:54 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-14 17:32 - 2015-01-15 18:28 - 00000000 ____D () C:\Users\Elisha\Downloads\FRST-OlderVersion
2015-01-14 00:12 - 2015-01-19 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 00:11 - 2015-01-19 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 00:11 - 2015-01-17 18:43 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 00:11 - 2015-01-14 00:11 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 00:11 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 00:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 00:08 - 2015-01-14 00:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Elisha\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 00:05 - 2015-01-14 00:05 - 00000813 _____ () C:\Users\Elisha\Desktop\JRT.txt
2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 23:56 - 2015-01-13 23:57 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (2).exe
2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT.exe
2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (1).exe
2015-01-13 23:44 - 2015-01-13 23:49 - 00000000 ____D () C:\AdwCleaner
2015-01-13 23:43 - 2015-01-13 23:43 - 02191360 _____ () C:\Users\Elisha\Downloads\AdwCleaner.exe
2015-01-13 22:24 - 2015-01-15 17:18 - 00000930 _____ () C:\Users\Elisha\Downloads\Addition.txt
2015-01-13 22:23 - 2015-01-15 17:14 - 00034755 _____ () C:\Users\Elisha\Downloads\FRST.txt
2015-01-13 22:21 - 2015-01-19 22:41 - 00000000 ____D () C:\FRST
2015-01-13 22:21 - 2015-01-14 17:32 - 02125312 _____ (Farbar) C:\Users\Elisha\Desktop\FRST64.exe
2015-01-13 19:55 - 2015-01-13 19:55 - 00000046 _____ () C:\Users\Elisha\AppData\Roaming\WB.CFG
2015-01-13 18:54 - 2015-01-13 18:54 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word (1).exe
2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\ProgramData\{2809C0CA-788B-114C-C90D-61CE198FB240}
2015-01-13 18:51 - 2015-01-13 18:51 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word.exe
2015-01-13 16:27 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:27 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:27 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 16:27 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 16:27 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 16:27 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 16:27 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:27 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 16:27 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 16:27 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 16:27 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 16:27 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 16:27 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 16:27 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 16:27 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 16:27 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 16:27 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 16:27 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 16:27 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 16:27 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 16:27 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2015-01-05 18:47 - 2015-01-05 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-12-29 13:01 - 2015-01-10 00:01 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-12-29 13:01 - 2015-01-10 00:01 - 00002419 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-12-29 13:01 - 2015-01-01 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-12-29 13:01 - 2014-12-29 13:01 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-12-29 13:01 - 2014-12-29 13:01 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\NCOTEMP
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-12-29 12:59 - 2014-12-29 13:02 - 00000000 ____D () C:\ProgramData\Norton
2014-12-29 12:59 - 2014-12-29 12:59 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-12-29 12:57 - 2014-12-29 12:59 - 218966928 ____N (Symantec Corporation) C:\Users\Elisha\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-12-28 21:47 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\VERIZON
2014-12-27 13:56 - 2014-12-27 13:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-22 19:37 - 2014-12-22 19:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-12-21 13:10 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-21 13:10 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-21 01:31 - 2014-12-21 01:33 - 04237884 _____ () C:\Users\Elisha\Downloads\Castle in the Air (9-12) (pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 22:40 - 2014-10-23 12:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-19 22:40 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 22:39 - 2014-12-03 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 22:39 - 2013-08-22 09:46 - 00024150 _____ () C:\Windows\setupact.log
2015-01-19 22:38 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-19 22:02 - 2014-10-23 12:33 - 01121247 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-19 21:55 - 2014-12-03 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 20:28 - 2014-11-28 20:22 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF14F380-52D9-4DE2-823A-660D94AAEF7A}
2015-01-19 20:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-01-19 19:54 - 2014-12-03 20:23 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha
2015-01-19 19:26 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-01-19 19:26 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-19 13:55 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\OneDrive
2015-01-19 13:52 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha
2015-01-18 19:27 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-18 00:10 - 2014-11-28 20:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-647248783-2239493058-3912521117-1002
2015-01-17 23:56 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\Documents\Bluetooth Folder
2015-01-17 16:51 - 2014-03-18 04:44 - 00021566 _____ () C:\Windows\PFRO.log
2015-01-17 16:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-17 13:43 - 2014-11-29 23:35 - 00000000 ____D () C:\Users\Elisha\AppData\Local\CrashDumps
2015-01-16 21:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 20:34 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 17:18 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-14 21:18 - 2014-12-02 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:09 - 2014-12-02 20:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 00:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2015-01-13 23:42 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-13 19:34 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-13 19:25 - 2014-12-03 20:52 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 19:12 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Elisha\Documents\Outlook Files
2015-01-11 23:54 - 2014-12-01 15:41 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\Audacity
2015-01-09 15:51 - 2014-12-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-05 19:08 - 2014-12-10 17:05 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 19:08 - 2014-12-10 17:05 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 23:01 - 2014-11-30 15:52 - 00000000 ____D () C:\Users\Elisha\Downloads\website
2014-12-28 22:10 - 2014-10-23 12:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-27 17:28 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Packages
2014-12-23 19:08 - 2014-12-03 20:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
Some content of TEMP:
====================
C:\Users\Elisha\AppData\Local\Temp\Quarantine.exe
C:\Users\Elisha\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed