Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Baker Family (administrator) on BAKERFAMILY-PC on 14-04-2015 17:39:41
Running from C:\Users\Baker Family\Desktop
Loaded Profiles: Baker Family (Available profiles: Baker Family)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavUI.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
BootExecute: autocheck autochk * bddel.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3966097637-85055233-1928392602-1000 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_CJ_150413&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3966097637-85055233-1928392602-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_CJ_150413&q={searchTerms}
BHO: NoeNoizeBrowse -> {d94c203a-367c-4f5f-b044-57734bbe56e0} -> C:\Program Files (x86)\NoeNoizeBrowse\AtEoOgGHndkreF.x64.dll [2015-04-12] ()
Toolbar: HKU\S-1-5-21-3966097637-85055233-1928392602-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_CJ_150413
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_CJ_150413
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3966097637-85055233-1928392602-1000: @nsroblox.roblox.com/launcher -> C:\Users\Baker Family\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3966097637-85055233-1928392602-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Baker Family\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3966097637-85055233-1928392602-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Baker Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default\searchplugins\securesearch.xml [2015-04-14]
FF Extension: ActiveDeals - C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default\Extensions\xaluwexxjbplznbten@chvzpsoheekizf.edu [2015-04-12]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-07]
CHR Extension: (Tumblr Timestamps) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\anllaofeeadeggfpiaicgkioibfbjepe [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
CHR Extension: (Google Drive) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
CHR Extension: (Huntsy) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\beppnhcndodholdbcplojckpodgbgakb [2015-04-12]
CHR Extension: (YouTube) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
CHR Extension: (Google Cast) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-24]
CHR Extension: (Google Search) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
CHR Extension: (Google Sheets) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-07]
CHR Extension: (Gmail) - C:\Users\Baker Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-08] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
S3 Origin Client Service; G:\Origin\OriginClientService.exe [1903472 2015-01-13] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-04-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2015-01-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2015-01-21] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-12-08] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-04] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150410.011\IDSvia64.sys [637656 2014-11-19] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150413.001\ENG64.SYS [129752 2015-04-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150413.001\EX64.SYS [2137304 2015-04-08] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-12-06] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [154904 2014-12-06] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 17:39 - 2015-04-14 17:39 - 00020078 _____ () C:\Users\Baker Family\Desktop\FRST.txt
2015-04-14 17:38 - 2015-04-14 17:39 - 02096640 _____ (Farbar) C:\Users\Baker Family\Desktop\FRST64.exe
2015-04-14 08:51 - 2015-04-14 08:51 - 00027624 _____ () C:\Windows\system32\bddel.exe
2015-04-14 08:51 - 2015-04-14 08:51 - 00002656 _____ () C:\Windows\system32\bddel.dat
2015-04-14 08:50 - 2015-04-14 08:50 - 00000000 ____D () C:\ProgramData\BitDefender
2015-04-14 08:33 - 2015-04-14 08:33 - 00000000 ____D () C:\Users\Baker Family\AppData\Local\Lavasoft
2015-04-14 08:32 - 2015-04-14 08:35 - 00002328 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-14 08:32 - 2015-04-14 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-04-14 08:32 - 2015-04-14 08:32 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-04-14 08:32 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-04-14 08:32 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-04-14 08:32 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-04-14 08:32 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-04-14 08:32 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-04-14 08:32 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-04-14 08:32 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-04-14 08:32 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-04-14 08:31 - 2015-04-14 08:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-14 08:31 - 2015-04-14 08:31 - 00000000 ____D () C:\Program Files\Lavasoft
2015-04-14 08:30 - 2015-04-14 08:32 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\Lavasoft
2015-04-14 08:30 - 2015-04-14 08:30 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-04-14 08:29 - 2015-04-14 08:32 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-04-13 18:29 - 2015-04-13 18:31 - 00000000 ____D () C:\AdwCleaner
2015-04-13 17:45 - 2015-04-14 17:39 - 00000000 ____D () C:\FRST
2015-04-12 16:27 - 2015-04-12 16:27 - 00000000 ____D () C:\ProgramData\{fb1548c2-4c88-cc9a-fb15-548c24c82309}
2015-04-12 13:59 - 2015-04-12 14:00 - 00000000 ____D () C:\Program Files (x86)\Huntsy
2015-04-12 13:59 - 2015-04-12 13:59 - 00000000 ____D () C:\ProgramData\{f33859b4-5312-bc5c-f338-859b453166d1}
2015-04-12 13:59 - 2015-04-12 13:59 - 00000000 ____D () C:\Program Files (x86)\NoeNoizeBrowse
2015-04-12 13:59 - 2015-04-12 13:59 - 00000000 ____D () C:\Program Files (x86)\ActiveDiscount
2015-04-11 15:06 - 2015-04-11 15:06 - 00001760 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 15:06 - 2015-04-11 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 15:06 - 2015-04-11 15:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-11 15:06 - 2015-04-11 15:06 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 15:06 - 2015-04-11 15:06 - 00000000 ____D () C:\Program Files\iPod
2015-04-11 15:06 - 2015-04-11 15:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-05 23:53 - 2015-04-05 23:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 23:53 - 2015-04-05 23:53 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 20:45 - 2015-04-12 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-01 11:26 - 2015-04-01 11:26 - 00003028 _____ () C:\Windows\System32\Tasks\LifeChatTask
2015-04-01 11:26 - 2015-04-01 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Headset
2015-04-01 11:26 - 2015-04-01 11:26 - 00000000 ____D () C:\Program Files\Microsoft LifeChat
2015-04-01 11:26 - 2015-04-01 11:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeChat
2015-03-31 18:55 - 2015-03-31 18:55 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\9624
2015-03-29 16:40 - 2015-04-04 14:49 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2015-03-29 16:40 - 2015-03-29 16:40 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\Pokémon Trading Card Game Online
2015-03-29 12:25 - 2015-04-09 18:38 - 00000000 ____D () C:\Program Files (x86)\Tumblr Timestamps
2015-03-29 12:24 - 2015-04-14 08:51 - 00000000 ____D () C:\ProgramData\{1ea20c19-83c9-0d22-1ea2-20c1983c3066}
2015-03-29 12:24 - 2015-04-12 13:59 - 00000000 ____D () C:\ProgramData\13648378827604309891
2015-03-29 12:24 - 2015-03-29 12:24 - 00000000 ____D () C:\ProgramData\fddcpaokegjkcdfccmkfeecfpkfhkhcp
2015-03-25 19:15 - 2015-03-11 14:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 19:15 - 2015-03-11 14:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 19:15 - 2015-03-11 14:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 19:15 - 2015-03-11 14:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 19:15 - 2015-03-11 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 19:15 - 2015-03-11 14:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 19:15 - 2015-03-11 14:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 19:15 - 2015-03-11 14:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 14:52 - 2014-12-09 17:27 - 00011719 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-14 14:52 - 2014-12-06 12:32 - 01986748 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 14:02 - 2014-12-07 09:50 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F0E18AB5-A333-4278-AF42-90E243345E3F}
2015-04-14 09:22 - 2014-12-06 19:31 - 00000000 ____D () C:\ProgramData\Symantec
2015-04-14 08:49 - 2014-12-07 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 08:31 - 2009-07-14 14:51 - 00051168 _____ () C:\Windows\setupact.log
2015-04-14 08:29 - 2009-07-14 14:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 08:29 - 2009-07-14 14:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 08:28 - 2009-07-14 15:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 08:23 - 2015-01-03 06:38 - 00000000 ___RD () C:\Users\Baker Family\iCloudDrive
2015-04-14 08:23 - 2014-12-08 18:30 - 00003066 _____ () C:\Windows\System32\Tasks\AsrKM
2015-04-14 08:23 - 2014-12-08 18:30 - 00003010 _____ () C:\Windows\System32\Tasks\AsrSP.exe
2015-04-14 08:22 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 21:46 - 2015-02-17 09:46 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-04-13 18:31 - 2015-01-23 20:26 - 00002432 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-5.job
2015-04-13 18:31 - 2014-12-06 15:28 - 00001193 _____ () C:\Users\Baker Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-13 18:31 - 2014-12-06 15:28 - 00001010 _____ () C:\Users\Baker Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-13 17:31 - 2014-12-08 18:16 - 00013593 _____ () C:\Windows\BRRBCOM.INI
2015-04-13 17:25 - 2015-01-23 20:26 - 00002432 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-5_user.job
2015-04-13 17:25 - 2015-01-23 20:25 - 00005168 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-7.job
2015-04-13 17:25 - 2015-01-23 20:25 - 00004144 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-4.job
2015-04-13 17:25 - 2015-01-23 20:25 - 00003088 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-1.job
2015-04-13 17:25 - 2015-01-23 20:25 - 00002098 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-10_user.job
2015-04-13 17:25 - 2015-01-23 20:25 - 00002096 _____ () C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-2.job
2015-04-11 15:06 - 2014-12-29 14:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-10 17:35 - 2015-01-27 14:44 - 00001381 _____ () C:\Users\Baker Family\Desktop\ROBLOX Studio.lnk
2015-04-10 17:35 - 2015-01-27 14:44 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-04-10 17:24 - 2015-01-27 14:45 - 00001369 _____ () C:\Users\Baker Family\Desktop\ROBLOX Player.lnk
2015-04-07 07:35 - 2014-12-07 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 06:56 - 2009-07-14 15:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-31 19:11 - 2014-12-07 18:29 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\DVDFab9
2015-03-31 18:58 - 2014-12-06 15:28 - 00000000 ____D () C:\Users\Baker Family\AppData\Local\VirtualStore
2015-03-31 06:57 - 2014-12-07 11:38 - 00000000 ____D () C:\Program Files\Google
2015-03-31 06:57 - 2014-12-07 11:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-31 06:57 - 2010-11-21 13:47 - 00027882 _____ () C:\Windows\PFRO.log
2015-03-30 21:28 - 2014-12-07 11:38 - 00000000 ____D () C:\Users\Baker Family\AppData\Local\Google
2015-03-30 21:28 - 2014-12-07 11:38 - 00000000 ____D () C:\ProgramData\Google
2015-03-26 06:20 - 2014-12-11 02:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 06:20 - 2014-12-07 12:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 07:39 - 2015-02-17 09:45 - 00000000 ____D () C:\Users\Baker Family\AppData\Roaming\TS3Client
2015-03-23 16:59 - 2014-12-07 11:37 - 00000000 ____D () C:\Users\Baker Family\AppData\Local\Adobe
2015-03-23 16:58 - 2014-12-07 11:38 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 16:58 - 2014-12-07 11:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 16:58 - 2014-12-07 11:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-21 07:03 - 2015-01-12 07:59 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
==================== Files in the root of some directories =======
2015-04-14 08:32 - 2015-04-14 08:32 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-12-06 19:21 - 2014-12-06 19:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Baker Family\AppData\Local\Temp\4460.exe
C:\Users\Baker Family\AppData\Local\Temp\c07bc887-a1d8-4edc-8e52-c94726c99716.exe
C:\Users\Baker Family\AppData\Local\Temp\F3C0.exe
C:\Users\Baker Family\AppData\Local\Temp\Quarantine.exe
C:\Users\Baker Family\AppData\Local\Temp\SpOrder.dll
C:\Users\Baker Family\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 15:22
==================== End Of Log ============================