fujymo

yes

Naat, Since turning this computer back on I have been hit several times with the bots Multi_CriminalClick_MugaVuga (seen 702 times) and Multi_CriminalClick_ClickThrough (seen 27 times) according to my ISP. Here is the log from Eset that I reran this evening. I ran it the same way you had me run it previously and I did not have Eset clean the machine. Thanks, Fujymo C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\OpenCandy\OpenCandy_8BE687B727BB407E82AD8273F063C0A6\LatestDLMgr.exe a variant of Win32/OpenCandy.A potentially unsafe application C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\Sun\Java\Deployment\cache\6.0\40\34584228-447fdf71 Java/Agent.AC trojan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014 Ran by Kelsey at 2014-11-03 18:20:39 Running from C:\Users\Kelsey\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Algebra 2 Teaching Textbook (HKLM-x32\...\Algebra 2 Teaching Textbook) (Version: - Teaching Textbooks Inc.) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Any Video Converter 3.4.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.) Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.) Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Office XP Standard (HKLM-x32\...\{90120409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.) Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C1200}) (Version: 12.18.0.3119 - APN, LLC) Oregon Trail® 5 (HKLM-x32\...\Oregon Trail® 5) (Version: - ) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.) Saddle Up (HKLM-x32\...\{D33531F0-F0F0-4FA9-B3EC-88CB69F178D0}) (Version: 1.00.000 - ) Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic) Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM-x32\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus) Spirit (remove only) (HKLM-x32\...\spirit-9.06) (Version: - ) Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB) Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated) Torch (HKCU\...\Torch) (Version: 2.0.0.1705 - Torch Media Inc.) <==== ATTENTION Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony) Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2610 - Broadcom Corporation) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1872342984-4112894413-1070716142-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\ddrawex.dll (Microsoft Corporation) ==================== Restore Points ========================= 31-10-2014 14:48:05 End of disinfection 31-10-2014 16:11:40 Windows Update 31-10-2014 16:15:15 Windows Update 01-11-2014 07:00:20 Windows Update 03-11-2014 21:28:13 Windows Modules Installer 03-11-2014 21:28:55 Windows Modules Installer 03-11-2014 21:29:28 Windows Modules Installer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {3030FA2F-45C5-46D5-B505-A33032F8DFCB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {33D3F771-3083-4424-B0B4-55D25AC7F73F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-22] (Facebook Inc.) Task: {3C5D07A1-5A10-41D3-9975-075BB4F487CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.) Task: {3CB1C6AB-8B75-4164-BD89-00C32D6724B3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {3D3E648A-FEB9-4427-AD86-6AB7A5025BFF} - System32\Tasks\{38D3D146-0693-4E13-8D09-82BAC2740842} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {46136510-9678-4783-917A-739E3233C4BE} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {4BBC4444-881A-43A9-9371-771A59050A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.) Task: {6C480530-41CA-496D-8D3A-588B237C64C2} - System32\Tasks\{3D65047E-5053-4816-866D-E87256CFAE09} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {6D4FAB21-5DD4-495C-BD84-EA0BCC688CBD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-22] (Facebook Inc.) Task: {6EB34418-0517-4B19-BF83-9F07FACDB029} - System32\Tasks\{89EDE0C0-5811-4347-A7F9-472F7EFD2382} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {81E04DED-8673-4FDA-975A-33794614CD62} - System32\Tasks\{9A53F2BC-FE26-4617-9D39-939F8B5B5089} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {867F38CC-D890-4D51-B6CD-2BE294D0D33C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated) Task: {C7318021-867F-4F04-84ED-FC27DADF8491} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {C9234B97-5AB5-4162-977F-96E0567133E2} - System32\Tasks\{90A55BAF-6154-492D-A20B-03FF4E2DC7AC} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {D041E6F6-34C0-4EE8-AF47-33E0369E35E6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {DB284CE3-3EFC-4EA8-8C07-134C8234E144} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {F4E50B09-91D1-41A6-9F8B-6A802CCA1290} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated) Task: {FF469E3F-8237-48DE-9407-08511F97861C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-01-21 18:45 - 2009-01-21 18:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2012-05-14 05:29 - 2012-03-26 19:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-06 22:29 - 2012-04-06 22:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2012-04-06 22:29 - 2012-04-06 22:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2012-01-05 16:22 - 2012-01-05 16:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 16:22 - 2012-01-05 16:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 16:22 - 2012-01-05 16:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-10-15 03:04 - 2014-10-15 03:04 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll 2012-04-02 23:54 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-06-10 09:09 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-10-29 09:40 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll 2014-10-29 09:40 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll 2014-10-29 09:40 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-29 09:40 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1872342984-4112894413-1070716142-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1872342984-4112894413-1070716142-501 - Limited - Disabled) Kelsey (S-1-5-21-1872342984-4112894413-1070716142-1000 - Administrator - Enabled) => C:\Users\Kelsey ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/03/2014 06:12:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CNQMUPDT.EXE, version: 2.0.0.0, time stamp: 0x4f7a7000 Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8 Exception code: 0xc0000005 Fault offset: 0x000023c6 Faulting process id: 0x15ec Faulting application start time: 0xCNQMUPDT.EXE0 Faulting application path: CNQMUPDT.EXE1 Faulting module path: CNQMUPDT.EXE2 Report Id: CNQMUPDT.EXE3 Error: (11/03/2014 04:33:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 04:27:12 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101). Error: (11/01/2014 06:15:22 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/31/2014 11:20:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 09:55:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 08:16:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 06:30:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/31/2014 05:12:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/30/2014 03:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/03/2014 05:32:25 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:32:24 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:32:23 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:32:22 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:32:21 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:32:20 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:32:19 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:27:17 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:27:16 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (11/03/2014 05:27:14 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Microsoft Office Sessions: ========================= Error: (11/03/2014 06:12:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: CNQMUPDT.EXE2.0.0.04f7a7000CNMDWLD.DLL1.0.0.04f5eedc8c0000005000023c615ec01cff7bb8abadea9C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXEC:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLLd0d53cd2-63ae-11e4-a260-b888e308cbd6 Error: (11/03/2014 04:33:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 04:27:12 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101 Error: (11/01/2014 06:15:22 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/31/2014 11:20:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 09:55:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 08:16:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 06:30:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/31/2014 05:12:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/30/2014 03:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i3-2370M CPU @ 2.40GHz Percentage of memory in use: 60% Total physical RAM: 3932.36 MB Available physical RAM: 1547.04 MB Total Pagefile: 7862.9 MB Available Pagefile: 5244.65 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:245.91 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0D7A3097) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Naat, Thanks for getting back to me. The other day after we finished everything appeared fine(logged in under Administrator). I logged off and later I turned the computer back on (logged in under my daughters profile) and the computer was very slow and was notified from my isp I had a bot issue. I had three computers on at the time and I ran the online eset scan on all three and this computer showed the opencandy and what appeared to be some malware with the name of java in it. It took about 6 hours to run eset and when I turned tried to get back on the computer locked up and needed a reboot. Also I checked the bots and was hit by three different bots with over 600 hits. Two were named Multi_criminalclick-clickThrough and Multi_criminalClick_muga vuga and I do not recall the third. I have had this computer turned off since that evening and have not had any other issues with bots. The other computers eset scan --one was clean and the other had one item a google.d toolbar that was removed with by eset. Also, Not sure if it will make a difference there are two different profiles on this computer --one the administrators and the other is my daughters. All previous scans were under the administrator and this one with farbar was logged in to my daughters. Hope this answers your questions. Thanks, Fujymo Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by Kelsey (administrator) on KELSEY-PC on 03-11-2014 18:18:56 Running from C:\Users\Kelsey\Desktop Loaded Profile: Kelsey (Available profiles: Kelsey & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Facebook Inc.) C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-13] (Synaptics Incorporated) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-06-10] (Broadcom Corporation) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [instantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] () HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [Messenger] => "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe" HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [Facebook Update] => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-22] (Facebook Inc.) HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36142656 2014-01-19] (ooVoo LLC) HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {078618d7-e99a-11e2-b5b0-b888e308cbd6} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {2170e676-e9f9-11e1-95b8-b888e308cbd6} - F:\ToolLauncher-Bootstrap.exe HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {589fb80a-7cfc-11e2-b932-b888e308cbd6} - E:\setup.exe -a HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {5e1c8332-283d-11e4-a95e-b888e308cbd6} - F:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {c3b95f76-6c17-11e3-8c05-08edb9f5aed9} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {c3b95fc2-6c17-11e3-8c05-b888e308cbd6} - E:\setup.exe -a HKU\S-1-5-21-1872342984-4112894413-1070716142-1000\...\MountPoints2: {d878b479-3e79-11e3-a96e-b888e308cbd6} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK ShortcutTarget: Registration .LNK -> D:\Register\RegistrationReminder.exe (No File) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www2.mystart.com/results.php?pr=vmn&id=yolobartb&v=1_0&ent=ch&q={searchTerms} SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www2.mystart.com/results.php?pr=vmn&id=yolobartb&v=1_0&ent=ch&q={searchTerms} SearchScopes: HKCU - {81427802-CA95-41E2-B8AC-C24A4C85AD2D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=5A950643-60D3-4866-BCBA-39A6C5E78623&apn_sauid=2FF921A5-86C5-48F1-A57C-6F616E1B1A3F SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=435&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9619834563404068&q={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\y2zbk1kq.default FF Homepage: https://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kelsey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kelsey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Users\Kelsey\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF Extension: Star Stable Online - C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\y2zbk1kq.default\Extensions\plugin@starstable.com [2013-08-11] FF Extension: Oovoo Toolbar - C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\y2zbk1kq.default\Extensions\toolbar_OVO2V7C@apn.ask.com.xpi [2014-02-24] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-31] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-03] Chrome: ======= CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN19057378936681136&ctid=CT3289075&SearchSource=48&UP=SPE09339B4-BA0E-4C3A-AEF0-CFFF4AE10D94&SSPV=" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll () CHR Plugin: (Norton Confidential) - C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File CHR Plugin: (Star Stable Online) - C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlmdkpemkkigkgelegknllpmfclakkk\1.0.0.4_0\npstudioruntime.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\Kelsey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Profile: C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27] CHR Extension: (Norton Identity Safe) - C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-19] CHR Extension: (Google Wallet) - C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28] CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Kelsey\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2012-06-10] (Broadcom Corporation) [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-21] (Broadcom Corporation.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-03] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-03] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141103.003\ENG64.SYS [129752 2014-10-03] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141103.003\EX64.SYS [2137304 2014-10-03] (Symantec Corporation) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-13] (Synaptics Incorporated) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 18:18 - 2014-11-03 18:19 - 00028672 _____ () C:\Users\Kelsey\Desktop\FRST.txt 2014-11-03 18:18 - 2014-11-03 18:18 - 02114560 _____ (Farbar) C:\Users\Kelsey\Desktop\FRST64.exe 2014-11-03 18:09 - 2014-11-03 18:09 - 00055469 _____ () C:\Users\Kelsey\FRST.txt 2014-11-03 18:08 - 2014-11-03 18:09 - 00035266 _____ () C:\Users\Kelsey\Addition.txt 2014-11-03 18:07 - 2014-11-03 18:08 - 00035266 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-11-03 18:05 - 2014-11-03 18:08 - 00055469 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-11-03 18:04 - 2014-11-03 18:19 - 00000000 ____D () C:\FRST 2014-11-03 18:04 - 2014-11-03 18:04 - 02114560 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-11-01 04:03 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-11-01 04:03 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-31 23:14 - 2014-10-31 23:14 - 00000000 __SHD () C:\Users\Kelsey\AppData\Local\EmieUserList 2014-10-31 23:14 - 2014-10-31 23:14 - 00000000 __SHD () C:\Users\Kelsey\AppData\Local\EmieSiteList 2014-10-31 11:16 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-10-31 11:16 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-10-31 11:16 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-10-31 11:16 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-10-31 11:16 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-10-31 11:16 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-31 11:16 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-10-31 11:16 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-10-31 11:16 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-10-31 11:16 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-10-31 11:16 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-10-31 11:16 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-10-31 11:16 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-31 11:16 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-31 11:16 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-10-31 11:16 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-31 09:45 - 2014-10-31 09:49 - 00001522 _____ () C:\DelFix.txt 2014-10-31 09:37 - 2014-10-31 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-29 09:09 - 2014-10-29 09:10 - 01150232 _____ () C:\Windows\Minidump\102914-70138-01.dmp 2014-10-21 12:26 - 2014-11-03 18:11 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2014-10-21 10:26 - 2014-10-21 10:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple 2014-10-20 16:27 - 2014-10-31 09:45 - 00000000 ____D () C:\AdwCleaner 2014-10-20 13:10 - 2014-10-20 13:10 - 00000000 ____D () C:\Windows\ERUNT 2014-10-19 20:37 - 2014-10-19 20:37 - 00891976 _____ () C:\Windows\Minidump\101914-34866-01.dmp 2014-10-19 09:46 - 2014-10-19 09:46 - 01097688 _____ () C:\Windows\Minidump\101914-43820-01.dmp 2014-10-15 22:18 - 2014-11-01 02:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-15 22:17 - 2014-10-18 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-15 22:17 - 2014-10-18 06:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-15 22:17 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-15 22:17 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-15 22:11 - 2014-10-15 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-15 22:11 - 2014-09-26 17:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-15 22:11 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-15 22:11 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-15 22:11 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-15 22:10 - 2014-10-15 22:11 - 00004685 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-15 22:10 - 2014-10-15 22:10 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-10-15 22:10 - 2014-10-15 22:10 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-10-15 17:32 - 2014-10-15 17:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite 2014-10-15 00:51 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 00:50 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 00:50 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 00:50 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 00:50 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 00:50 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 00:50 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 00:50 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 00:50 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 00:50 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 00:50 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 00:50 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 00:50 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 00:50 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 00:50 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-15 00:50 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-15 00:50 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-15 00:50 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-15 00:50 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-15 00:50 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-15 00:50 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-15 00:50 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-15 00:50 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-15 00:50 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-15 00:50 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-15 00:50 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-15 00:50 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 00:50 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 00:50 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 00:50 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 00:50 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 00:50 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 00:50 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 00:50 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 00:50 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 00:50 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 00:50 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 00:50 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 00:50 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 00:50 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 00:50 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 00:50 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 00:50 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 00:50 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 00:50 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 00:50 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 00:50 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 00:50 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 00:50 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 00:50 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 00:50 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 00:50 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 00:50 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 00:50 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 00:50 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 00:50 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 00:49 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 00:49 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 00:49 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 00:49 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 00:49 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 00:49 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 00:49 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 00:49 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 00:49 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 00:49 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 00:49 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 00:49 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 00:49 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 00:49 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 00:49 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 00:49 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 00:49 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 00:49 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 00:49 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 00:49 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 00:49 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 00:49 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 00:49 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 00:49 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 00:49 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 00:49 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 00:49 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 00:49 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 00:49 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 00:49 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 00:49 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 00:49 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 00:49 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 00:49 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 00:49 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 00:49 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 00:49 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 00:49 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 00:49 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 00:49 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 00:49 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 00:49 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 00:49 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 00:49 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 00:49 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 00:49 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 00:49 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 00:49 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 00:49 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 00:49 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 00:49 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 00:49 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 00:49 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 00:49 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 00:49 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 00:49 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 00:49 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 00:49 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 00:49 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 00:49 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 00:49 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 00:49 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 00:49 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 00:48 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 00:48 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 00:48 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 00:48 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 00:48 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 00:48 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 00:48 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 00:48 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 00:48 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 00:48 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 00:48 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 00:48 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 00:48 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-07 19:22 - 2014-10-07 20:50 - 86934059 _____ () C:\Users\Kelsey\Documents\How lobg will I love you.wmv 2014-10-05 21:17 - 2014-10-05 21:17 - 00040464 _____ () C:\Users\Kelsey\Documents\oh death.veg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 18:14 - 2012-08-13 20:18 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\Adobe 2014-11-03 18:14 - 2012-08-11 17:40 - 00000000 ____D () C:\Users\Kelsey 2014-11-03 18:14 - 2012-06-10 08:57 - 01155053 _____ () C:\Windows\WindowsUpdate.log 2014-11-03 18:14 - 2012-04-03 00:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-03 18:13 - 2012-04-03 00:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-03 18:13 - 2012-04-03 00:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-03 18:13 - 2012-04-03 00:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-03 18:12 - 2012-08-26 15:50 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\CrashDumps 2014-11-03 18:11 - 2012-11-28 12:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-03 17:38 - 2012-11-28 12:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-03 17:01 - 2013-02-22 22:49 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job 2014-11-03 16:45 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-03 16:45 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-03 16:37 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-03 16:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-03 16:32 - 2009-07-13 23:51 - 00146085 _____ () C:\Windows\setupact.log 2014-11-03 08:34 - 2013-02-22 22:49 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job 2014-11-03 08:33 - 2012-08-27 18:30 - 00000000 ____D () C:\Users\Kelsey\AppData\Roaming\Skype 2014-10-31 11:19 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-31 09:54 - 2012-08-11 19:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-31 09:54 - 2010-11-20 22:47 - 00736778 _____ () C:\Windows\PFRO.log 2014-10-29 09:40 - 2012-11-28 12:01 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-29 09:09 - 2013-03-14 17:02 - 00000000 ____D () C:\Windows\Minidump 2014-10-29 09:09 - 2013-03-14 16:51 - 466080250 _____ () C:\Windows\MEMORY.DMP 2014-10-28 18:06 - 2013-12-02 20:21 - 00000000 ____D () C:\ProgramData\Samsung 2014-10-28 18:06 - 2012-04-02 23:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-27 08:24 - 2012-11-11 11:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps 2014-10-25 03:10 - 2014-02-07 20:19 - 00000000 ____D () C:\Program Files (x86)\ooVoo 2014-10-24 18:15 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-23 11:21 - 2013-01-14 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-21 19:34 - 2012-11-28 12:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 19:33 - 2012-11-28 12:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-20 16:31 - 2013-03-11 21:23 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\CRE 2014-10-18 06:32 - 2013-01-22 21:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-15 22:31 - 2012-11-08 20:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-10-15 22:18 - 2012-08-16 20:32 - 00000000 ____D () C:\ProgramData\HP 2014-10-15 22:17 - 2013-01-22 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-15 22:12 - 2014-02-06 22:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-15 22:11 - 2012-08-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-15 22:03 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-15 17:30 - 2014-01-31 10:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2014-10-15 17:30 - 2014-01-27 16:47 - 00002444 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk 2014-10-15 17:30 - 2012-08-11 17:56 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-10-15 17:30 - 2012-08-11 17:56 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-10-15 03:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 02:51 - 2009-07-13 23:45 - 00282368 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 02:47 - 2014-05-08 12:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 02:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 02:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 02:12 - 2013-08-14 12:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 02:01 - 2013-02-06 23:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-05 21:21 - 2014-03-14 18:34 - 00076024 _____ () C:\Users\Kelsey\Documents\pippin.veg.bak 2014-10-05 21:21 - 2014-03-14 18:34 - 00076024 _____ () C:\Users\Kelsey\Documents\pippin.veg 2014-10-04 21:51 - 2014-08-24 17:36 - 00000000 ____D () C:\Users\Kelsey\Documents\pro rodeo ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 10:39 ==================== End Of Log ============================

Thanks for the help!!! And I have bought you a beer, Enjoy

Naat, I updated firefox and when I updated JAVA it said I already had the latest version. Attaches is the log on Delfix. Thanks, Fujymo # DelFix v10.8 - Logfile created 31/10/2014 at 10:45:31 # Updated 29/07/2014 by Xplode # Username : Administrator - KELSEY-PC # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\zoek_backup Deleted : C:\AdwCleaner Deleted : C:\Users\Administrator\Desktop\FRST-OlderVersion Deleted : C:\zoek-results.log Deleted : C:\zoek-results2014-10-21-170844.log Deleted : C:\Users\Administrator\Desktop\AdwCleaner[s0].txt Deleted : C:\Users\Administrator\Desktop\Fixlog.txt Deleted : C:\Users\Administrator\Desktop\FRST64.exe Deleted : C:\Users\Administrator\Desktop\JRT (1).exe Deleted : C:\Users\Administrator\Desktop\JRT.txt Deleted : C:\Users\Administrator\Desktop\JRT1.txt Deleted : C:\Users\Administrator\Desktop\JRT_NEW.exe Deleted : C:\Users\Administrator\Desktop\log.txt Deleted : C:\Users\Administrator\Desktop\SecurityCheck.exe Deleted : C:\Users\Administrator\Desktop\zoek-results.txt Deleted : C:\Users\Administrator\Downloads\adwcleaner_4.002.exe Deleted : C:\Users\Administrator\Downloads\JRT.exe Deleted : HKLM\SOFTWARE\AdwCleaner ~ Cleaning system restore ... Deleted : RP #602 [zoek.exe restore point | 10/29/2014 21:46:24] Deleted : RP #603 [Windows Update | 10/30/2014 12:29:15] Deleted : RP #604 [Windows Update | 10/31/2014 07:00:50] Deleted : RP #605 [Windows Update | 10/31/2014 14:43:31] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########

Naat, Here are the logs you requested. Thanks for the help. Fujymo Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01 Ran by Administrator at 2014-10-31 09:11:42 Run:1 Running from C:\Users\Administrator\Desktop Loaded Profile: Administrator (Available profiles: Kelsey & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\video_downloader.exe C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\GraboidVideoSetup-2.4-Complete.exe C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\avc-free.exe C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Local Settings\Application Data\OpenCandy AlternateDataStreams: C:\ProgramData\Temp:888AFB86 AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 EmptyTemp: end ***************** Processes closed successfully. C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\video_downloader.exe => Moved successfully. C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\GraboidVideoSetup-2.4-Complete.exe => Moved successfully. C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\avc-free.exe => Moved successfully. C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Local Settings\Application Data\OpenCandy => Moved successfully. C:\ProgramData\Temp => ":888AFB86" ADS removed successfully. C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully. EmptyTemp: => Removed 993.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Security Suite WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` JavaFX 2.1.1 Java 7 Update 71 Java version out of Date! Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox 32.0.3 Firefox out of Date! Google Chrome 38.0.2125.104 Google Chrome 38.0.2125.111 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01 Ran by Administrator at 2014-10-31 07:32:52 Running from C:\Users\Administrator\Desktop\malware Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Algebra 2 Teaching Textbook (HKLM-x32\...\Algebra 2 Teaching Textbook) (Version: - Teaching Textbooks Inc.) Any Video Converter 3.4.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.) Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.) Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Office XP Standard (HKLM-x32\...\{90120409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.) Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C1200}) (Version: 12.18.0.3119 - APN, LLC) Oregon Trail® 5 (HKLM-x32\...\Oregon Trail® 5) (Version: - ) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.) Saddle Up (HKLM-x32\...\{D33531F0-F0F0-4FA9-B3EC-88CB69F178D0}) (Version: 1.00.000 - ) Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic) Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM-x32\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus) Spirit (remove only) (HKLM-x32\...\spirit-9.06) (Version: - ) Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB) Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony) Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2610 - Broadcom Corporation) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1872342984-4112894413-1070716142-500_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\ddrawex.dll (Microsoft Corporation) ==================== Restore Points ========================= 29-10-2014 21:46:24 zoek.exe restore point 30-10-2014 12:29:15 Windows Update 31-10-2014 07:00:50 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {3030FA2F-45C5-46D5-B505-A33032F8DFCB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {33D3F771-3083-4424-B0B4-55D25AC7F73F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-22] (Facebook Inc.) Task: {3C5D07A1-5A10-41D3-9975-075BB4F487CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.) Task: {3CB1C6AB-8B75-4164-BD89-00C32D6724B3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {3D3E648A-FEB9-4427-AD86-6AB7A5025BFF} - System32\Tasks\{38D3D146-0693-4E13-8D09-82BAC2740842} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {46136510-9678-4783-917A-739E3233C4BE} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {4BBC4444-881A-43A9-9371-771A59050A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.) Task: {6C480530-41CA-496D-8D3A-588B237C64C2} - System32\Tasks\{3D65047E-5053-4816-866D-E87256CFAE09} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {6D4FAB21-5DD4-495C-BD84-EA0BCC688CBD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-22] (Facebook Inc.) Task: {6EB34418-0517-4B19-BF83-9F07FACDB029} - System32\Tasks\{89EDE0C0-5811-4347-A7F9-472F7EFD2382} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {81E04DED-8673-4FDA-975A-33794614CD62} - System32\Tasks\{9A53F2BC-FE26-4617-9D39-939F8B5B5089} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {867F38CC-D890-4D51-B6CD-2BE294D0D33C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated) Task: {C7318021-867F-4F04-84ED-FC27DADF8491} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {C9234B97-5AB5-4162-977F-96E0567133E2} - System32\Tasks\{90A55BAF-6154-492D-A20B-03FF4E2DC7AC} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {D041E6F6-34C0-4EE8-AF47-33E0369E35E6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {DB284CE3-3EFC-4EA8-8C07-134C8234E144} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {F4E50B09-91D1-41A6-9F8B-6A802CCA1290} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {FF469E3F-8237-48DE-9407-08511F97861C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-05-14 06:29 - 2012-03-26 20:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-06 23:29 - 2012-04-06 23:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2012-04-06 23:29 - 2012-04-06 23:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2012-01-05 17:22 - 2012-01-05 17:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 17:22 - 2012-01-05 17:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 17:22 - 2012-01-05 17:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-10-15 04:04 - 2014-10-15 04:04 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll 2012-04-03 00:54 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2014-10-29 10:40 - 2014-10-22 00:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll 2014-10-29 10:40 - 2014-10-22 00:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll 2014-10-29 10:40 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-29 10:40 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll 2012-06-10 10:09 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:888AFB86 AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1872342984-4112894413-1070716142-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1872342984-4112894413-1070716142-501 - Limited - Disabled) Kelsey (S-1-5-21-1872342984-4112894413-1070716142-1000 - Administrator - Enabled) => C:\Users\Kelsey ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/31/2014 07:30:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/31/2014 06:12:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/30/2014 04:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 08:34:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 10:10:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/28/2014 07:58:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/31/2014 04:55:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (10/31/2014 04:44:10 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:44:09 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:44:07 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:43:51 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:43:50 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:43:49 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:43:48 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:43:47 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/31/2014 04:43:46 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Microsoft Office Sessions: ========================= Error: (10/31/2014 07:30:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/31/2014 06:12:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/30/2014 04:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 08:34:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 10:10:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/28/2014 07:58:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i3-2370M CPU @ 2.40GHz Percentage of memory in use: 49% Total physical RAM: 3932.36 MB Available physical RAM: 1981.95 MB Total Pagefile: 7862.9 MB Available Pagefile: 4773.21 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:246.73 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0D7A3097) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Naathim, The scans you requested are attached. The MWB is still not producing a log that is populated wit the info. The info below is the log that is autosaved from the program. I will add that the last two days my isp has texted and let me know a BOT is on my "network:" and the two that are saying I have are Multi_criminalclick-clickThrough and Multi_criminalClick_muga vuga. Not sure if this is related. Thanks. Fujymo 2014/10/30 14:53:02 -0400 mbam-log-2014-10-30 (14-53-01).xml yes 2.00.3.1025 v2014.10.30.11 v2014.10.22.01 free disabled disabled disabled Windows 7 Service Pack 1 x64 Administrator NTFS threat completed 382788 5267 0 0 17 4 1 0 0 0 enabled enabled enabled enabled enabled disabled enabled enabled enabled HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}PUP.Optional.SearchProtect.Asuccessbf028e891e5ed3635acb57530af80af6 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}PUP.Optional.DefaultTab.Asuccess7b460611017b0630caffdfd109f919e7 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}PUP.Optional.DefaultTab.Asuccess7b460611017b0630caffdfd109f919e7 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}PUP.Optional.DefaultTab.Asuccess7b460611017b0630caffdfd109f919e7 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}PUP.Optional.VMNToolBar.Asuccess259c72a5601c78be9a5c31b33bc7ec14 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}PUP.Optional.VMNToolBar.Asuccess259c72a5601c78be9a5c31b33bc7ec14 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}PUP.Optional.FrostwireTB.Asuccess794831e6bdbf78be854d8c5a0af86997 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}PUP.Optional.FrostwireTB.Asuccess794831e6bdbf78be854d8c5a0af86997 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}PUP.Optional.WeCare.Asuccess20a18b8c6d0f69cdcce7f3ef9b6713ed HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}PUP.Optional.Yontoo.Asuccesse4dd8a8d413bc57121fc9912de24e020 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}PUP.Optional.Yontoo.Asuccesse4dd8a8d413bc57121fc9912de24e020 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DatamngrPUP.Optional.DataMngr.Asuccess7d4405126e0e290d4a16492cf014a15f HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_ToolbarPUP.Optional.DataMngr.Asuccess2899e82f44384beb70ef462f2cd84db3 HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminderPUP.Optional.WeCaresuccessd5ec1502d4a8bf77d2a7b085fc0724dc HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FFPUP.Optional.Conduit.Asuccess774a8d8a354783b3a54e1367b84c15eb HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}PUP.Optional.WeCaresuccess239ea96eacd0dd59463c0431a360738d HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal DownloaderPUP.Optional.Softonic.Asuccesse4ddb661eb9191a5760e4806d231b24e HKU\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{D4027C7F-154A-4066-A1AD-4243D8127440}PUP.Optional.FrostwireTB.Asuccess ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # product=EOS # version=8 # IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700) # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0e0c5003f41cf243b22bff3a7319546e # engine=20861 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-31 07:30:23 # local_time=2014-10-31 03:30:23 (-0500, US Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton 360' # compatibility_mode=3598 16777213 87 100 0 165316718 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 40334860 166284072 0 0 # scanned=211413 # found=12 # cleaned=0 # scan_time=21272 sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=6585D690EEE297567F9B6E2DE433109A84DA6454 ft=1 fh=66260f416679b5b2 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\OpenCandy\OpenCandy_8BE687B727BB407E82AD8273F063C0A6\LatestDLMgr.exe" sh=C14232D2E7BB7FF60E32CE389D4B73E684DBA659 ft=0 fh=0000000000000000 vn="Java/Agent.AC trojan" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\Sun\Java\Deployment\cache\6.0\40\34584228-447fdf71" sh=5963FC8ED12B7902A616D2FAEE223985DF8E98CF ft=1 fh=c5b874e34252e4ff vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Local Settings\Application Data\OpenCandy\OpenCandy_{585EA172-F4EE-41FE-A2E4-E36889F2BEB7}.dll" sh=D0954D6A2F0FF19AD381908BE64BD4C2ADABDAFB ft=1 fh=adf2c5ef5efc693d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\avc-free.exe" sh=9898A833B4FCEEE4C5ECCCE20BD3BDAE2BD3E4D7 ft=1 fh=cbb089e9588b93c6 vn="Win32/Graboid potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\GraboidVideoSetup-2.4-Complete.exe" sh=ED578A939AE93BEB6A92220946C6BD573E34F33E ft=1 fh=94ed5204fb17a7a5 vn="multiple threats" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\video_downloader.exe" ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # product=EOS # version=8 # IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700) # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0e0c5003f41cf243b22bff3a7319546e # engine=20861 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-31 07:30:23 # local_time=2014-10-31 03:30:23 (-0500, US Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton 360' # compatibility_mode=3598 16777213 87 100 0 165316718 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 40334860 166284072 0 0 # scanned=211413 # found=12 # cleaned=0 # scan_time=21272 sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=6585D690EEE297567F9B6E2DE433109A84DA6454 ft=1 fh=66260f416679b5b2 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\OpenCandy\OpenCandy_8BE687B727BB407E82AD8273F063C0A6\LatestDLMgr.exe" sh=C14232D2E7BB7FF60E32CE389D4B73E684DBA659 ft=0 fh=0000000000000000 vn="Java/Agent.AC trojan" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\Sun\Java\Deployment\cache\6.0\40\34584228-447fdf71" sh=5963FC8ED12B7902A616D2FAEE223985DF8E98CF ft=1 fh=c5b874e34252e4ff vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Local Settings\Application Data\OpenCandy\OpenCandy_{585EA172-F4EE-41FE-A2E4-E36889F2BEB7}.dll" sh=D0954D6A2F0FF19AD381908BE64BD4C2ADABDAFB ft=1 fh=adf2c5ef5efc693d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\avc-free.exe" sh=9898A833B4FCEEE4C5ECCCE20BD3BDAE2BD3E4D7 ft=1 fh=cbb089e9588b93c6 vn="Win32/Graboid potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\GraboidVideoSetup-2.4-Complete.exe" sh=ED578A939AE93BEB6A92220946C6BD573E34F33E ft=1 fh=94ed5204fb17a7a5 vn="multiple threats" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\video_downloader.exe" ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # product=EOS # version=8 # IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700) # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0e0c5003f41cf243b22bff3a7319546e # engine=20861 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-31 07:30:23 # local_time=2014-10-31 03:30:23 (-0500, US Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton 360' # compatibility_mode=3598 16777213 87 100 0 165316718 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 40334860 166284072 0 0 # scanned=211413 # found=12 # cleaned=0 # scan_time=21272 sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir" sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir" sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir" sh=6585D690EEE297567F9B6E2DE433109A84DA6454 ft=1 fh=66260f416679b5b2 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\OpenCandy\OpenCandy_8BE687B727BB407E82AD8273F063C0A6\LatestDLMgr.exe" sh=C14232D2E7BB7FF60E32CE389D4B73E684DBA659 ft=0 fh=0000000000000000 vn="Java/Agent.AC trojan" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Application Data\Sun\Java\Deployment\cache\6.0\40\34584228-447fdf71" sh=5963FC8ED12B7902A616D2FAEE223985DF8E98CF ft=1 fh=c5b874e34252e4ff vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\Kelsey\Local Settings\Application Data\OpenCandy\OpenCandy_{585EA172-F4EE-41FE-A2E4-E36889F2BEB7}.dll" sh=D0954D6A2F0FF19AD381908BE64BD4C2ADABDAFB ft=1 fh=adf2c5ef5efc693d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\avc-free.exe" sh=9898A833B4FCEEE4C5ECCCE20BD3BDAE2BD3E4D7 ft=1 fh=cbb089e9588b93c6 vn="Win32/Graboid potentially unsafe application" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\GraboidVideoSetup-2.4-Complete.exe" sh=ED578A939AE93BEB6A92220946C6BD573E34F33E ft=1 fh=94ed5204fb17a7a5 vn="multiple threats" ac=I fn="C:\Users\Kelsey\Documents\New folder (16)\My Documents\Downloads\video_downloader.exe" Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01 Ran by Administrator (administrator) on KELSEY-PC on 31-10-2014 07:31:20 Running from C:\Users\Administrator\Desktop\malware Loaded Profile: Administrator (Available profiles: Kelsey & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-06-10] (Broadcom Corporation) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [instantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] () HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1872342984-4112894413-1070716142-500\...\MountPoints2: {d878b479-3e79-11e3-a96e-b888e308cbd6} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK ShortcutTarget: Registration .LNK -> D:\Register\RegistrationReminder.exe (No File) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ffxsbfk0.default FF Homepage: hxxp://www.bing.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-30] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2012-06-10] (Broadcom Corporation) [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-21] (Broadcom Corporation.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-03] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-03] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141030.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141030.019\ENG64.SYS [129752 2014-10-03] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141030.019\EX64.SYS [2137304 2014-10-03] (Symantec Corporation) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-31 07:29 - 2014-10-31 07:29 - 00002461 _____ () C:\Users\Administrator\Desktop\eset12.txt 2014-10-30 21:47 - 2014-10-30 21:47 - 00004402 _____ () C:\Users\Administrator\Desktop\mbaw10-30.txt 2014-10-30 16:35 - 2014-10-30 16:35 - 00000049 _____ () C:\Users\Administrator\Desktop\1234564.txt 2014-10-30 16:24 - 2014-10-30 16:24 - 00001071 _____ () C:\Users\Administrator\Desktop\mawb.txt 2014-10-29 17:46 - 2014-10-21 13:08 - 00060238 _____ () C:\zoek-results2014-10-21-170844.log 2014-10-29 10:09 - 2014-10-29 10:10 - 01150232 _____ () C:\Windows\Minidump\102914-70138-01.dmp 2014-10-28 19:50 - 2014-10-28 19:50 - 01998336 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.002.exe 2014-10-28 19:48 - 2014-10-28 19:48 - 00000641 _____ () C:\Users\Administrator\Desktop\JRT.txt 2014-10-28 19:33 - 2014-10-28 19:33 - 00000641 _____ () C:\Users\Administrator\Desktop\JRT1.txt 2014-10-28 19:15 - 2014-10-28 19:15 - 01706144 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT (1).exe 2014-10-28 19:15 - 2014-10-21 14:25 - 01706144 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT_NEW.exe 2014-10-28 19:06 - 2014-10-28 19:07 - 01706144 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe 2014-10-21 13:26 - 2014-10-30 16:36 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2014-10-21 13:10 - 2014-10-21 13:10 - 00060238 _____ () C:\Users\Administrator\Desktop\zoek-results.txt 2014-10-21 11:26 - 2014-10-21 11:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple 2014-10-21 10:03 - 2014-10-29 17:50 - 00054059 _____ () C:\zoek-results.log 2014-10-21 09:56 - 2014-10-21 10:32 - 00000000 ____D () C:\zoek_backup 2014-10-20 18:29 - 2014-10-20 18:29 - 00012879 _____ () C:\Users\Administrator\Desktop\AdwCleaner[s0].txt 2014-10-20 17:27 - 2014-10-28 19:55 - 00000000 ____D () C:\AdwCleaner 2014-10-20 14:10 - 2014-10-20 14:10 - 00000000 ____D () C:\Windows\ERUNT 2014-10-20 09:15 - 2014-10-20 09:15 - 00021232 _____ () C:\Users\Administrator\Desktop\1.txt 2014-10-20 09:14 - 2014-10-20 09:14 - 00021232 _____ () C:\Users\Administrator\Desktop\ListChkdskResult.txt 2014-10-20 09:13 - 2014-10-20 09:13 - 00197679 _____ () C:\Users\Administrator\Desktop\ListChkdskResult.exe 2014-10-19 21:37 - 2014-10-19 21:37 - 00891976 _____ () C:\Windows\Minidump\101914-34866-01.dmp 2014-10-19 10:46 - 2014-10-19 10:46 - 01097688 _____ () C:\Windows\Minidump\101914-43820-01.dmp 2014-10-18 19:21 - 2014-10-18 17:38 - 00002514 _____ () C:\Users\Administrator\Desktop\log.xml 2014-10-18 17:38 - 2014-10-18 19:22 - 00001065 _____ () C:\Users\Administrator\Desktop\1234.txt 2014-10-16 12:41 - 2014-10-31 07:31 - 00000000 ____D () C:\FRST 2014-10-16 12:39 - 2014-10-31 07:31 - 00000000 ____D () C:\Users\Administrator\Desktop\malware 2014-10-15 23:18 - 2014-10-31 03:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-15 23:17 - 2014-10-18 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-15 23:17 - 2014-10-18 07:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-15 23:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-15 23:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-15 23:11 - 2014-10-15 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-15 23:11 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-15 23:11 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-15 23:11 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-15 23:11 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-15 23:10 - 2014-10-15 23:11 - 00004685 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-15 23:10 - 2014-10-15 23:10 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-10-15 23:10 - 2014-10-15 23:10 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-10-15 18:32 - 2014-10-15 18:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite 2014-10-15 01:51 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 01:50 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 01:50 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 01:50 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 01:50 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 01:50 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 01:50 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 01:50 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 01:50 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 01:50 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 01:50 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 01:50 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 01:50 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 01:50 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-15 01:50 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-15 01:50 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-15 01:50 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 01:50 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 01:50 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 01:50 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 01:50 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 01:50 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 01:50 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 01:50 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 01:50 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 01:50 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 01:50 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 01:50 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 01:50 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 01:50 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 01:50 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 01:50 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 01:50 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 01:50 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 01:50 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 01:50 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 01:50 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 01:50 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 01:49 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 01:49 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 01:49 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 01:49 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 01:49 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 01:49 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 01:49 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 01:49 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 01:49 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 01:49 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 01:49 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 01:49 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 01:49 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 01:49 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 01:49 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 01:49 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 01:49 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 01:49 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 01:49 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 01:49 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 01:49 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 01:49 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 01:49 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 01:49 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 01:49 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 01:49 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 01:49 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 01:49 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 01:49 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 01:49 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 01:49 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 01:49 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 01:49 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 01:49 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 01:49 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 01:49 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 01:49 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 01:49 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 01:49 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 01:49 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 01:49 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 01:49 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 01:49 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 01:49 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 01:49 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 01:49 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 01:49 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 01:49 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 01:49 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 01:49 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 01:49 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 01:49 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 01:49 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 01:49 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 01:49 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 01:49 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 01:49 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 01:49 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 01:49 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 01:49 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 01:49 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 01:49 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 01:49 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 01:48 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 01:48 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 01:48 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 01:48 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 01:48 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 01:48 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 01:48 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 01:48 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-07 20:22 - 2014-10-07 21:50 - 86934059 _____ () C:\Users\Kelsey\Documents\How lobg will I love you.wmv 2014-10-05 22:17 - 2014-10-05 22:17 - 00040464 _____ () C:\Users\Kelsey\Documents\oh death.veg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-31 06:38 - 2012-11-28 13:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-31 06:37 - 2012-04-03 01:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-31 05:01 - 2013-02-22 23:49 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job 2014-10-31 04:52 - 2012-06-10 09:57 - 01916923 _____ () C:\Windows\WindowsUpdate.log 2014-10-30 23:01 - 2013-02-22 23:49 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job 2014-10-30 20:45 - 2012-11-28 13:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-30 16:36 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-30 16:36 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-30 16:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-30 16:28 - 2009-07-14 00:51 - 00145861 _____ () C:\Windows\setupact.log 2014-10-30 14:50 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-30 08:33 - 2010-11-20 23:47 - 00735318 _____ () C:\Windows\PFRO.log 2014-10-29 10:40 - 2012-11-28 13:01 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-29 10:09 - 2013-03-14 18:02 - 00000000 ____D () C:\Windows\Minidump 2014-10-29 10:09 - 2013-03-14 17:51 - 466080250 _____ () C:\Windows\MEMORY.DMP 2014-10-28 19:06 - 2013-12-02 21:21 - 00000000 ____D () C:\ProgramData\Samsung 2014-10-28 19:06 - 2012-04-03 00:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-27 09:24 - 2012-11-11 12:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps 2014-10-25 04:10 - 2014-02-07 21:19 - 00000000 ____D () C:\Program Files (x86)\ooVoo 2014-10-24 19:15 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-24 19:09 - 2014-06-10 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-23 12:21 - 2013-01-14 21:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-21 20:34 - 2012-11-28 13:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 20:33 - 2012-11-28 13:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-20 17:31 - 2013-03-11 22:23 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\CRE 2014-10-18 07:32 - 2013-01-22 22:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-15 23:31 - 2012-11-08 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-10-15 23:18 - 2012-08-16 21:32 - 00000000 ____D () C:\ProgramData\HP 2014-10-15 23:17 - 2013-01-22 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-15 23:12 - 2014-02-06 23:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-15 23:11 - 2012-08-12 17:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-15 23:03 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-15 18:30 - 2014-01-31 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2014-10-15 18:30 - 2014-01-27 17:47 - 00002444 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk 2014-10-15 18:30 - 2012-08-11 18:56 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-10-15 18:30 - 2012-08-11 18:56 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-10-15 04:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 03:51 - 2009-07-14 00:45 - 00282368 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 03:47 - 2014-05-08 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 03:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 03:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 03:12 - 2013-08-14 13:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 03:01 - 2013-02-07 00:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 09:14 - 2012-08-27 19:30 - 00000000 ____D () C:\Users\Kelsey\AppData\Roaming\Skype 2014-10-13 21:29 - 2012-08-26 16:50 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\CrashDumps 2014-10-05 22:21 - 2014-03-14 19:34 - 00076024 _____ () C:\Users\Kelsey\Documents\pippin.veg.bak 2014-10-05 22:21 - 2014-03-14 19:34 - 00076024 _____ () C:\Users\Kelsey\Documents\pippin.veg 2014-10-04 22:51 - 2014-08-24 18:36 - 00000000 ____D () C:\Users\Kelsey\Documents\pro rodeo 2014-10-01 11:11 - 2013-01-22 22:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 11:39 ==================== End Of Log ============================ NEXT PAGE

At this time I do not see any evidence on Strongvault on the computer Thanks, Fujymo

Here is the file you requested. Thanks again. Fujymo Zoek.exe v5.0.0.0 Updated 28-10-2014 Tool run by Administrator on Wed 10/29/2014 at 17:44:10.34. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Administrator\Downloads\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-10-21-170844.log 60238 bytes ==== System Restore Info ====================== 10/29/2014 5:46:45 PM Zoek.exe System Restore Point Created Succesfully. ==== Folders Found ====================== 2014-10-20 21:30:34 2014-10-20 21:30:34 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Strongvault 2014-10-20 21:30:34 2014-10-20 21:30:34 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Roaming\Strongvault 2014-10-20 21:30:34 2014-10-20 21:30:34 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Roaming\Strongvault\Strongvault Online Backup 2012-12-24 04:56:17 2014-09-22 20:26:12 -------- d-----w- C:\Users\Kelsey\AppData\Local\Strongvault Online Backup ==== Files Found ====================== --- C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Strongvault\mod.StrongVaultApp0.dat.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 11022 Created time: 2012-12-24 04:56:18 Modified time: 2013-04-10 21:39:58 MD5: FAA5C67923CAD24B7C82C170463FC47D SHA1: 36F474D85FCA000AE5087BCEA2BCB042AE61F34F --- C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Strongvault\StrongVaultK.dat.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 24128313 Created time: 2012-12-24 04:56:28 Modified time: 2013-04-10 21:15:54 MD5: 3E8EC0E3BC4DBBBFFFC395F9730BED6A SHA1: 3AF63A73845BC6242B27ECFFEB6F0D96B2D7CACE --- C:\AdwCleaner\Quarantine\C\Users\Kelsey\AppData\Local\Strongvault\StrongVaultU.dat.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 80942 Created time: 2012-12-24 04:56:28 Modified time: 2013-04-08 23:07:04 MD5: 805AC06BA6116CEB7DFBE064F6EE3C69 SHA1: F77AB91A57769F56C36C49BC4D559EEADB268929 --- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\strongvault.lnk --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 11800 Created time: 2014-10-28 23:04:47 Modified time: 2014-10-28 23:04:47 MD5: 1390AC0B4D786FE86DC91F1B44519A9B SHA1: A8039DC6425CC96EB0BDE66297CBBC1F189BD76A ==== Registry Search Results for "strongvault" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}] "InstallLocation"="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}] "InstallSource"="C:\\Program Files (x86)\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}] "Publisher"="Strongvault Online Backup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}] "URLInfoAbout"="http://www.strongvaultfree.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}] "DisplayName"="Strongvault Online Backup" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231D1CF6-C578-411D-9B9B-48264355805D}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XFileNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XFileNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656C6-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AsynchWSCall.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656DA-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\BackupEngine.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656DB-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\BackupEngine.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E3-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxLocalBackup.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E6-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxLocalBackup.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E8-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxLocalBackup.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedZip.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Scheduler.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Scheduler.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170605-0509-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxUtilities.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170608-0509-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupVista.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5717060C-0509-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\CtxMenu.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ARProgBar.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90FDB7BD-EB76-4AC9-8385-D1EE80BBCDCD}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBA63CAC-9913-4A13-9212-E97BB70C05C9}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3271080-C57A-4520-8066-337AD212D7E0}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55F0A34-4286-4094-905E-75CBD8BF0776}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\sosbutton.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Radialpoint.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Radialpoint.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3E95E1D-D003-42A0-91FD-465DC624BC7A}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedZip.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\SMButton.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|AxInterop.LocalBackupLib.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|ClientApi.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Common.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Integration.Ace.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Integration.Radialpoint.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Integration.Scheduler.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Integration.UploadAgent.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Integration.ZipLib.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.ADODB.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.ADOX.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.LocalBackupLib.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.Shell32.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.VSBackupVista.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.VSS.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.VSS2003.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Interop.XceedEncryptionLib.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SMessaging.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SOS.Contracts.BackupServer.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SOS.Contracts.Infiniscale.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SOS.Contracts.Shared.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SOSLibrary.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SOSLiveProtect.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|SStorage.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|VSBackupNet.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Xceed.Compression.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|Xceed.Compression.Formats.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Kelsey|AppData|Local|Strongvault Online Backup|XFileNet.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D03D33E5698D29D40B33F55418B99273] "ProductName"="Strongvault Online Backup" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D03D33E5698D29D40B33F55418B99273\SourceList] "PackageName"="Setup_Strongvault.msi" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051B-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051C-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051D-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051E-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051F-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000520-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000521-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000523-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000524-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000525-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000526-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000527-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000528-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000529-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052A-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052B-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052C-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052E-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052F-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000530-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000531-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000532-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000533-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000540-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000541-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000542-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000543-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000544-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000545-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000546-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000547-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000548-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000549-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000054A-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000054B-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000552-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000553-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000554-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000570-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000571-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000573-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000574-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000576-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000577-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057A-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057B-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057C-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057D-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057E-0000-0010-8000-00AA006D2EA4}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2AC1B0DF-D478-3140-999B-BEB56A4AA112}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{43EA8D11-CE4A-355B-83DB-A414D5D3A431}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{49735749-147A-300B-8986-004FC837C083}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XFileNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4CDEE1C3-5A1B-350E-A3F9-F9F7F7C95CAC}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{63033C5B-3DD7-3B07-ADF8-15EEE68AA14F}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{793FC64C-92D4-36C2-8D76-29ADE5ACC998}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7E632ADF-9D4A-374C-AD52-25A9213987EE}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7F564B7C-5B6C-3AB9-B8FD-109554AE454B}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{898CF1A5-06A2-30B5-8088-F9E7A66A4143}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9080C45E-594C-3768-A294-C1B261ECD5F9}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9558E2B7-51E3-315A-A409-2F1E30A23EFA}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9B09BB39-AEDE-3F55-AAF4-804064565E97}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A56187C5-D690-4037-AE32-A00EDC376AC3}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A700FB12-17FC-3877-A874-00C31AFED422}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A9BA0EB6-3DA2-3A7A-B296-7FF4F611FD80}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BFBCF6E9-EE8C-366E-8DD2-34AFB7637D06}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XFileNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{C0CAD8CE-F322-3633-865B-FE9CF09B81BA}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D3BDD942-66D3-3156-B238-DE8B9720F37F}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D95DA0A3-AB54-356D-9050-B986DBD6A11A}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{DD4CB1CF-E6F7-3A03-A77E-ED44939DD4CF}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{DFF05178-341C-396F-A898-50DDBC699024}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{E221116A-32CE-36C4-990E-4E731DF815F5}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADOX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{E8F7B742-5831-3A24-8C7F-30A77C99DA9B}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{F757B661-E287-3E2F-AF82-74FD2DF87F46}\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FFC6D718-C67D-34B7-A64F-5B2235F83C11}\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOS Online Backup\shell\open\command] @="\"C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\SStorage.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656C7-0515-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656CB-0515-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{492E7335-C8AC-4F5F-B307-B8176C3954BE}\1.0\0\win64] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\vsscopy.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{492E7335-C8AC-4F5F-B307-B8176C3954BE}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{55A560A7-E3F9-4790-8D22-F3A97009AC8F}\1.1\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705B0-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705C9-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705CF-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57170602-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57170609-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9760A2BE-C7C2-4690-AAC8-E64EFEDF1BB5}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF0830DA-D0C3-4FBE-814C-56444666D9F0}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D8F0BDA9-3F22-4FA0-B695-8DEC09CAD0EB}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\5.2\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}\13.1\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE757A1F-B0AC-40BC-9E72-B8651740F53E}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Interop.ADODB.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{231D1CF6-C578-411D-9B9B-48264355805D}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XFileNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XFileNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44C656C6-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AsynchWSCall.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44C656DA-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\BackupEngine.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44C656DB-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\BackupEngine.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44C656E3-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxLocalBackup.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44C656E6-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxLocalBackup.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44C656E8-0515-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxLocalBackup.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedZip.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Scheduler.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Scheduler.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.UploadAgent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupNet.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ClientApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57170605-0509-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\AxUtilities.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57170608-0509-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\VSBackupVista.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5717060C-0509-11E0-B88E-001D60AF2322}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\CtxMenu.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\ARProgBar.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90FDB7BD-EB76-4AC9-8385-D1EE80BBCDCD}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBA63CAC-9913-4A13-9212-E97BB70C05C9}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3271080-C57A-4520-8066-337AD212D7E0}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C55F0A34-4286-4094-905E-75CBD8BF0776}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\sosbutton.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Radialpoint.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32\5.0.2.34] "CodeBase"="file:///C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\Integration.Radialpoint.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3E95E1D-D003-42A0-91FD-465DC624BC7A}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedCry.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\XceedZip.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}\InprocServer32] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\SMButton.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{44C656C7-0515-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{44C656CB-0515-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{492E7335-C8AC-4F5F-B307-B8176C3954BE}\1.0\0\win64] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\vsscopy.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{492E7335-C8AC-4F5F-B307-B8176C3954BE}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{55A560A7-E3F9-4790-8D22-F3A97009AC8F}\1.1\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{571705B0-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{571705C9-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{571705CF-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{57170602-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{57170609-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9760A2BE-C7C2-4690-AAC8-E64EFEDF1BB5}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF0830DA-D0C3-4FBE-814C-56444666D9F0}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D8F0BDA9-3F22-4FA0-B695-8DEC09CAD0EB}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\5.2\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}\13.1\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE757A1F-B0AC-40BC-9E72-B8651740F53E}\1.0\HELPDIR] @="C:\\Users\\Kelsey\\AppData\\Local\\Strongvault Online Backup\\" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=11 folders=8 21998 bytes) ==== EOF on Wed 10/29/2014 at 17:50:31.04 ======================

Naaathim, The Strongvault appears to be hidden in the app data and is not found when trying to delete the program in the Uninstall a program section. Here are the two files you requested. Thanks again for the help. Fujymo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.21.2014:1) OS: Windows 7 Home Premium x64 Ran by Administrator on Tue 10/28/2014 at 19:20:00.55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 10/28/2014 at 19:33:12.56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.002 - Report created 28/10/2014 at 19:55:45 # DB v2014-10-26.6 # Updated 27/10/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Administrator - KELSEY-PC # Running from : C:\Users\Administrator\Downloads\adwcleaner_4.002.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v32.0.3 (x86 en-US) -\\ Google Chrome v38.0.2125.104 ************************* AdwCleaner[R0].txt - [13153 octets] - [20/10/2014 17:27:48] AdwCleaner[R1].txt - [1039 octets] - [28/10/2014 19:51:36] AdwCleaner[s0].txt - [12879 octets] - [20/10/2014 17:30:33] AdwCleaner[s1].txt - [957 octets] - [28/10/2014 19:55:45] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1016 octets] ##########

Naathim, Thanks for the patience. Attached are the two logs from Farbar. I will also add the computer is getting multiple attacks from Ip addresses and websites that norton is stopping. Thanks, Fujymo Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 Ran by Administrator (administrator) on KELSEY-PC on 27-10-2014 09:33:29 Running from C:\Users\Administrator\Desktop\malware Loaded Profile: Administrator (Available profiles: Kelsey & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-06-10] (Broadcom Corporation) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [instantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] () HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1872342984-4112894413-1070716142-500\...\MountPoints2: {d878b479-3e79-11e3-a96e-b888e308cbd6} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK ShortcutTarget: Registration .LNK -> D:\Register\RegistrationReminder.exe (No File) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ffxsbfk0.default FF Homepage: hxxp://www.bing.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-21] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2012-06-10] (Broadcom Corporation) [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-21] (Broadcom Corporation.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-03] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.020\ENG64.SYS [129752 2014-10-03] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.020\EX64.SYS [2137304 2014-10-03] (Symantec Corporation) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 13:26 - 2014-10-27 09:23 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2014-10-21 13:10 - 2014-10-21 13:10 - 00060238 _____ () C:\Users\Administrator\Desktop\zoek-results.txt 2014-10-21 11:26 - 2014-10-21 11:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple 2014-10-21 10:35 - 2014-10-21 09:56 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-10-21 10:03 - 2014-10-21 13:08 - 00060238 _____ () C:\zoek-results.log 2014-10-21 09:56 - 2014-10-21 10:32 - 00000000 ____D () C:\zoek_backup 2014-10-20 18:29 - 2014-10-20 18:29 - 00012879 _____ () C:\Users\Administrator\Desktop\AdwCleaner[s0].txt 2014-10-20 17:27 - 2014-10-20 17:31 - 00000000 ____D () C:\AdwCleaner 2014-10-20 17:26 - 2014-10-20 17:26 - 01976320 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe 2014-10-20 14:25 - 2014-10-20 14:25 - 00008591 _____ () C:\Users\Administrator\Desktop\JRT.txt 2014-10-20 14:10 - 2014-10-20 14:10 - 00000000 ____D () C:\Windows\ERUNT 2014-10-20 14:09 - 2014-10-20 14:09 - 01705698 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe 2014-10-20 09:15 - 2014-10-20 09:15 - 00021232 _____ () C:\Users\Administrator\Desktop\1.txt 2014-10-20 09:14 - 2014-10-20 09:14 - 00021232 _____ () C:\Users\Administrator\Desktop\ListChkdskResult.txt 2014-10-20 09:13 - 2014-10-20 09:13 - 00197679 _____ () C:\Users\Administrator\Desktop\ListChkdskResult.exe 2014-10-19 21:37 - 2014-10-19 21:37 - 00891976 _____ () C:\Windows\Minidump\101914-34866-01.dmp 2014-10-19 10:46 - 2014-10-19 10:46 - 01097688 _____ () C:\Windows\Minidump\101914-43820-01.dmp 2014-10-18 19:21 - 2014-10-18 17:38 - 00002514 _____ () C:\Users\Administrator\Desktop\log.xml 2014-10-18 17:38 - 2014-10-18 19:22 - 00001065 _____ () C:\Users\Administrator\Desktop\1234.txt 2014-10-16 12:41 - 2014-10-27 09:33 - 00000000 ____D () C:\FRST 2014-10-16 12:39 - 2014-10-27 09:33 - 00000000 ____D () C:\Users\Administrator\Desktop\malware 2014-10-15 23:18 - 2014-10-27 09:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-15 23:17 - 2014-10-18 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-15 23:17 - 2014-10-18 07:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-15 23:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-15 23:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-15 23:11 - 2014-10-15 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-15 23:11 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-15 23:11 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-15 23:11 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-15 23:11 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-15 23:10 - 2014-10-15 23:11 - 00004685 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-15 23:10 - 2014-10-15 23:10 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-10-15 23:10 - 2014-10-15 23:10 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-10-15 18:32 - 2014-10-15 18:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite 2014-10-15 01:51 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 01:50 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 01:50 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 01:50 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 01:50 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 01:50 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 01:50 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 01:50 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 01:50 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 01:50 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 01:50 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 01:50 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 01:50 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 01:50 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-15 01:50 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-15 01:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-15 01:50 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-15 01:50 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-15 01:50 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 01:50 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 01:50 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 01:50 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 01:50 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 01:50 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 01:50 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 01:50 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 01:50 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 01:50 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 01:50 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 01:50 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 01:50 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 01:50 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 01:50 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 01:50 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 01:50 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 01:50 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 01:50 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 01:50 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 01:50 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 01:50 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 01:50 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 01:50 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 01:50 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 01:49 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 01:49 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 01:49 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 01:49 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 01:49 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 01:49 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 01:49 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 01:49 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 01:49 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 01:49 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 01:49 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 01:49 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 01:49 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 01:49 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 01:49 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 01:49 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 01:49 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 01:49 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 01:49 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 01:49 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 01:49 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 01:49 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 01:49 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 01:49 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 01:49 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 01:49 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 01:49 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 01:49 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 01:49 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 01:49 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 01:49 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 01:49 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 01:49 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 01:49 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 01:49 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 01:49 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 01:49 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 01:49 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 01:49 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 01:49 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 01:49 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 01:49 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 01:49 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 01:49 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 01:49 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 01:49 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 01:49 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 01:49 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 01:49 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 01:49 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 01:49 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 01:49 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 01:49 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 01:49 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 01:49 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 01:49 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 01:49 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 01:49 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 01:49 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 01:49 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 01:49 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 01:49 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 01:49 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 01:48 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 01:48 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 01:48 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 01:48 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 01:48 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 01:48 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 01:48 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 01:48 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 01:48 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 01:48 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-07 20:22 - 2014-10-07 21:50 - 86934059 _____ () C:\Users\Kelsey\Documents\How lobg will I love you.wmv 2014-10-05 22:17 - 2014-10-05 22:17 - 00040464 _____ () C:\Users\Kelsey\Documents\oh death.veg 2014-09-30 23:20 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 23:20 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 00:31 - 2014-09-30 00:52 - 154102745 _____ () C:\Users\Kelsey\Downloads\Heartland Season 8 - Episode 1 - There and Back Again.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 09:24 - 2012-11-11 12:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps 2014-10-27 09:23 - 2012-06-10 09:57 - 01765044 _____ () C:\Windows\WindowsUpdate.log 2014-10-27 09:16 - 2013-02-22 23:49 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job 2014-10-27 09:14 - 2012-11-28 13:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-27 09:08 - 2012-11-28 13:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-27 09:07 - 2013-02-22 23:49 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job 2014-10-27 09:07 - 2012-04-03 01:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-26 17:43 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 17:43 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-25 23:50 - 2009-07-14 00:51 - 00145581 _____ () C:\Windows\setupact.log 2014-10-25 04:10 - 2014-02-07 21:19 - 00000000 ____D () C:\Program Files (x86)\ooVoo 2014-10-24 19:15 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-24 19:09 - 2014-06-10 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-23 12:21 - 2013-01-14 21:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-22 20:48 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-21 20:34 - 2012-11-28 13:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 20:33 - 2012-11-28 13:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 13:05 - 2010-11-20 23:47 - 00731982 _____ () C:\Windows\PFRO.log 2014-10-21 13:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-20 17:31 - 2013-03-11 22:23 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\CRE 2014-10-19 21:37 - 2013-03-14 18:02 - 00000000 ____D () C:\Windows\Minidump 2014-10-19 21:37 - 2013-03-14 17:51 - 605806138 _____ () C:\Windows\MEMORY.DMP 2014-10-19 21:15 - 2013-10-03 21:54 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-10-18 13:39 - 2012-11-28 13:01 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-18 07:32 - 2013-01-22 22:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-15 23:31 - 2012-11-08 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-10-15 23:18 - 2012-08-16 21:32 - 00000000 ____D () C:\ProgramData\HP 2014-10-15 23:17 - 2013-01-22 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-15 23:17 - 2013-01-22 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-10-15 23:12 - 2014-02-06 23:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-15 23:11 - 2012-08-12 17:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-15 23:03 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-15 18:30 - 2014-01-31 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2014-10-15 18:30 - 2014-01-27 17:47 - 00002444 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk 2014-10-15 18:30 - 2012-08-11 18:56 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-10-15 18:30 - 2012-08-11 18:56 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-10-15 04:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 03:51 - 2009-07-14 00:45 - 00282368 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 03:47 - 2014-05-08 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 03:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 03:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 03:12 - 2013-08-14 13:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 03:01 - 2013-02-07 00:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 09:14 - 2012-08-27 19:30 - 00000000 ____D () C:\Users\Kelsey\AppData\Roaming\Skype 2014-10-13 21:29 - 2012-08-26 16:50 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\CrashDumps 2014-10-05 22:21 - 2014-03-14 19:34 - 00076024 _____ () C:\Users\Kelsey\Documents\pippin.veg.bak 2014-10-05 22:21 - 2014-03-14 19:34 - 00076024 _____ () C:\Users\Kelsey\Documents\pippin.veg 2014-10-04 22:51 - 2014-08-24 18:36 - 00000000 ____D () C:\Users\Kelsey\Documents\pro rodeo 2014-10-01 11:11 - 2013-01-22 22:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-29 10:25 - 2012-08-11 20:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-29 06:11 - 2014-09-26 15:19 - 00000000 ____D () C:\Users\Kelsey\AppData\Local\{5E1273D6-B7D2-462D-A1C5-BAFA2C6A8F31} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 00:36 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 Ran by Administrator at 2014-10-27 09:34:59 Running from C:\Users\Administrator\Desktop\malware Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Algebra 2 Teaching Textbook (HKLM-x32\...\Algebra 2 Teaching Textbook) (Version: - Teaching Textbooks Inc.) Any Video Converter 3.4.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.) Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.) Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.) Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle) Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Office XP Standard (HKLM-x32\...\{90120409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.) Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C1200}) (Version: 12.18.0.3119 - APN, LLC) Oregon Trail® 5 (HKLM-x32\...\Oregon Trail® 5) (Version: - ) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.) Saddle Up (HKLM-x32\...\{D33531F0-F0F0-4FA9-B3EC-88CB69F178D0}) (Version: 1.00.000 - ) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic) Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM-x32\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus) Spirit (remove only) (HKLM-x32\...\spirit-9.06) (Version: - ) Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB) Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony) Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2610 - Broadcom Corporation) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1872342984-4112894413-1070716142-500_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\ddrawex.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-10-2014 04:00:04 Scheduled Checkpoint 23-10-2014 07:00:12 Windows Update 24-10-2014 07:00:15 Windows Update 25-10-2014 07:00:18 Windows Update 26-10-2014 21:27:15 Windows Update 27-10-2014 13:07:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {3030FA2F-45C5-46D5-B505-A33032F8DFCB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {33D3F771-3083-4424-B0B4-55D25AC7F73F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-22] (Facebook Inc.) Task: {3C5D07A1-5A10-41D3-9975-075BB4F487CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.) Task: {3CB1C6AB-8B75-4164-BD89-00C32D6724B3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {3D3E648A-FEB9-4427-AD86-6AB7A5025BFF} - System32\Tasks\{38D3D146-0693-4E13-8D09-82BAC2740842} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {46136510-9678-4783-917A-739E3233C4BE} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {4BBC4444-881A-43A9-9371-771A59050A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.) Task: {6C480530-41CA-496D-8D3A-588B237C64C2} - System32\Tasks\{3D65047E-5053-4816-866D-E87256CFAE09} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {6D4FAB21-5DD4-495C-BD84-EA0BCC688CBD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-22] (Facebook Inc.) Task: {6EB34418-0517-4B19-BF83-9F07FACDB029} - System32\Tasks\{89EDE0C0-5811-4347-A7F9-472F7EFD2382} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {81E04DED-8673-4FDA-975A-33794614CD62} - System32\Tasks\{9A53F2BC-FE26-4617-9D39-939F8B5B5089} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {867F38CC-D890-4D51-B6CD-2BE294D0D33C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated) Task: {C7318021-867F-4F04-84ED-FC27DADF8491} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {C9234B97-5AB5-4162-977F-96E0567133E2} - System32\Tasks\{90A55BAF-6154-492D-A20B-03FF4E2DC7AC} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002 Task: {D041E6F6-34C0-4EE8-AF47-33E0369E35E6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {DB284CE3-3EFC-4EA8-8C07-134C8234E144} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {F4E50B09-91D1-41A6-9F8B-6A802CCA1290} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {FF469E3F-8237-48DE-9407-08511F97861C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job => C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-03 21:55 - 2012-03-28 08:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2012-05-14 06:29 - 2012-03-26 20:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-06 23:29 - 2012-04-06 23:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2012-04-06 23:29 - 2012-04-06 23:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2012-01-05 17:22 - 2012-01-05 17:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 17:22 - 2012-01-05 17:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 17:22 - 2012-01-05 17:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-10-15 04:04 - 2014-10-15 04:04 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll 2012-04-03 00:54 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-06-10 10:09 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-10-18 13:38 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll 2014-10-18 13:38 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll 2014-10-18 13:38 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll 2014-10-18 13:38 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:888AFB86 AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1872342984-4112894413-1070716142-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1872342984-4112894413-1070716142-501 - Limited - Disabled) Kelsey (S-1-5-21-1872342984-4112894413-1070716142-1000 - Administrator - Enabled) => C:\Users\Kelsey ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/27/2014 09:24:17 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 32.0.3.5379 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f54 Start Time: 01cfed7925749bcf Termination Time: 1783 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 81d375a8-5ddc-11e4-a80d-b888e308cbd6 Error: (10/27/2014 09:24:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x1c68 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/27/2014 09:16:21 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/27/2014 09:09:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Skype.exe version 6.18.0.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a18 Start Time: 01cfefe050bd25d4 Termination Time: 143 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 786ac59f-5dda-11e4-a80d-b888e308cbd6 Error: (10/26/2014 05:28:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PMMUpdate.exe, version: 1.1.41.0, time stamp: 0x4d907542 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000005 Fault offset: 0x0000000000053290 Faulting process id: 0xf60 Faulting application start time: 0xPMMUpdate.exe0 Faulting application path: PMMUpdate.exe1 Faulting module path: PMMUpdate.exe2 Report Id: PMMUpdate.exe3 Error: (10/26/2014 05:26:04 PM) (Source: Google Update) (EventID: 20) (User: Kelsey-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (10/25/2014 09:54:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SynTPEnh.exe, version: 15.3.41.5, time stamp: 0x4f3abd99 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000008a00000025 Faulting process id: 0xd68 Faulting application start time: 0xSynTPEnh.exe0 Faulting application path: SynTPEnh.exe1 Faulting module path: SynTPEnh.exe2 Report Id: SynTPEnh.exe3 Error: (10/25/2014 03:49:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BackupManagerTray.exe, version: 3.0.0.100, time stamp: 0x4f053c75 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xfffff900 Faulting process id: 0xd90 Faulting application start time: 0xBackupManagerTray.exe0 Faulting application path: BackupManagerTray.exe1 Faulting module path: BackupManagerTray.exe2 Report Id: BackupManagerTray.exe3 Error: (10/22/2014 08:52:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 598 Start Time: 01cfed519c41ea1b Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: d995aae4-5a4e-11e4-a80d-b888e308cbd6 Error: (10/21/2014 01:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/27/2014 09:06:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. Error: (10/26/2014 05:26:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. Error: (10/26/2014 05:26:50 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {A677570A-2BA2-4E9A-B2E2-8A02CD8B4FD3} Error: (10/26/2014 05:26:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (10/26/2014 05:26:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. Error: (10/26/2014 05:25:58 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (10/26/2014 05:25:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error: (10/26/2014 05:25:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (10/26/2014 05:24:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (10/26/2014 05:23:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Microsoft Office Sessions: ========================= Error: (10/27/2014 09:24:17 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe32.0.3.5379f5401cfed7925749bcf1783C:\Program Files (x86)\Mozilla Firefox\firefox.exe81d375a8-5ddc-11e4-a80d-b888e308cbd6 Error: (10/27/2014 09:24:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b1c6801cfed79b47cc715C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8c9278af-5ddc-11e4-a80d-b888e308cbd6 Error: (10/27/2014 09:16:21 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Kelsey\Downloads\esetsmartinstaller_enu.exe Error: (10/27/2014 09:09:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe6.18.0.106a1801cfefe050bd25d4143C:\Program Files (x86)\Skype\Phone\Skype.exe786ac59f-5dda-11e4-a80d-b888e308cbd6 Error: (10/26/2014 05:28:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PMMUpdate.exe1.1.41.04d907542ntdll.dll6.1.7601.18247521eaf24c00000050000000000053290f6001cfed5306c238dfC:\Program Files\EgisTec IPS\PMMUpdate.exeC:\Windows\SYSTEM32\ntdll.dllfa6d8f01-5d56-11e4-a80d-b888e308cbd6 Error: (10/26/2014 05:26:04 PM) (Source: Google Update) (EventID: 20) (User: Kelsey-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned Error: (10/25/2014 09:54:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SynTPEnh.exe15.3.41.54f3abd99unknown0.0.0.000000000c00000050000008a00000025d6801cfed51ae093127C:\Program Files\Synaptics\SynTP\SynTPEnh.exeunknown60d0a688-5c4e-11e4-a80d-b888e308cbd6 Error: (10/25/2014 03:49:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BackupManagerTray.exe3.0.0.1004f053c75unknown0.0.0.000000000c0000005fffff900d9001cfed51af308aa6C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exeunknown63ff5014-5c1b-11e4-a80d-b888e308cbd6 Error: (10/22/2014 08:52:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.1756759801cfed519c41ea1b0C:\Windows\Explorer.EXEd995aae4-5a4e-11e4-a80d-b888e308cbd6 Error: (10/21/2014 01:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i3-2370M CPU @ 2.40GHz Percentage of memory in use: 52% Total physical RAM: 3932.36 MB Available physical RAM: 1852.34 MB Total Pagefile: 7862.9 MB Available Pagefile: 4519.39 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:246.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0D7A3097) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================

I am out of town I will be back on the computer Sunday night and I will be able to do. Thanks, Fujymo

Naathim, I got a little ahead of myself and started the program under current user. There are two users on the system -- the Administrator and my daughters. It ran under the administrator. I did not want to restart the program with the script without your OK. Let me know if that is what you want done. Attached is the file of the current user. Thanks, Fujymo Zoek.exe v5.0.0.0 Updated 19-10-2014 Tool run by Administrator on Tue 10/21/2014 at 9:57:19.38. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Administrator\Downloads\zoek.exe [scan current user] [script inserted] ==== System Restore Info ====================== 10/21/2014 10:03:35 AM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== clear.fi SDK- Movie 2 clear.fi SDK - MVP 2 Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer Games Acer Instant Update Service Acer Registration Acer ScreenSaver Acer Updater Adobe AIR Adobe Flash Player 15 ActiveX Adobe Flash Player 15 Plugin Adobe Reader XI (11.0.08) Adobe Shockwave Player 12.0 Agatha Christie - Death on the Nile Algebra 2 Teaching Textbook Any Video Converter 3.4.2 Apple Application Support Apple Software Update AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Backup Manager V3 Bejeweled 3 Broadcom Card Reader Driver Installer Broadcom NetLink Controller Broadcom Wireless Utility Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon IJ Scan Utility Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG6300 series MP Drivers Canon MG6300 series On-screen Manual Canon MG6300 series User Registration Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Quick Menu Chronicles of Albian Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module clear.fi Media clear.fi Photo Control ActiveX de Windows Live Mesh para conexiones remotas Controle ActiveX do Windows Live Mesh para Conexoes Remotas Contr“le ActiveX Windows Live Mesh pour connexions … distance Cradle of Rome 2 CyberLink MediaEspresso D3DX10 Dolby Home Theater v4 Dora's World Adventure Evernote v. 4.5.2 Facebook Video Calling 3.1.0.521 FATE Final Drive: Nitro Fooz Kids Fooz Kids Platform Galer¡a fotogr fica de Windows Live Galerie de photos Windows Live Google Chrome Google Update Helper Governor of Poker 2 Premium Edition Identity Card Intel® Control Center Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intelr Trusted Connect Service Client Java 7 Update 71 Java Auto Updater JavaFX 2.1.1 Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition Junk Mail filter update Launch Manager Malwarebytes Anti-Malware version 2.0.3.1025 Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office XP Professional Microsoft Office XP Professional with FrontPage Microsoft Office XP Standard Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 More Games from Acer Games Mozilla Firefox 32.0.3 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT Redists MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker MyWinLocker 4 MyWinLocker Suite newsXpresso NOOK for PC Norton Online Backup Norton Security Suite NTI Media Maker 9 ooVoo Oovoo Toolbar Oregon Trail® 5 Penguins Plants vs. Zombies - Game of the Year Polar Bowler Polar Golfer Preset Manager 2.0 QuickTime Realtek High Definition Audio Driver Saddle Up Samsung Kies SAMSUNG USB Driver for Mobile Phones Sculptris Alpha 6 Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Shredder Skype Click to Call SkypeT 6.18 Sony Vegas Pro Pre-Cracked By Exæs 11.0 Spirit (remove only) Star Stable Strongvault Online Backup swMSM Synaptics Pointing Device Driver Torchlight Update Installer for WildTangent Games App Vegas Pro 12.0 (64-bit) Virtual Villagers 5 - New Believers Welcome Center WIDCOMM Bluetooth Software WildTangent Games App (Acer Games) Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (64-bit) WolfQuest Zuma's Revenge ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\SysWOW64\cmd.exe ==== Services (whitelist) ====================== Powered by E Dev R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" R2 - [btwdins] - Bluetooth Service - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service R2 - [DsiWMIService] - Dritek WMI Service - C:\Program Files (x86)\Launch Manager\dsiwmis.exe R2 - [ePowerSvc] - ePower Service - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe R2 - [GREGService] - GREGService - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" R2 - [iJPLMSVC] - Canon Inkjet Printer/Scanner/Fax Extended Survey Program - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE R2 - [intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe" R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe R2 - [Live Updater Service] - Live Updater Service - C:\Program Files\Acer\Acer Updater\UpdaterService.exe R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" R2 - [N360] - Norton Security Suite - "C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll" /prefetch:1 R2 - [NOBU] - Norton Online Backup - "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE R2 - [uNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" R2 - [wltrysvc] - Broadcom Wireless LAN Tray Service - "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe" R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe" R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding R3 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc S2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe S3 - [EgisTec Ticket Service] - EgisTec Ticket Service - "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe" S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\toolbarImages deleted C:\PROGRA~3\boost_interprocess deleted C:\Users\Public\sdelevURL.tmp deleted C:\Windows\SysNative\config\systemprofile\Searches deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3933 MB CPU Info: Intel® Core i3-2370M CPU @ 2.40GHz CPU Speed: 2390.5 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Broadcom Virtual Wireless Adapter | Broadcom 802.11n Network Adapter | Broadcom NetLink Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8C0 Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 447.7GB Hard Disks - Free: C: 224.4GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 05/11/12 | ACRSYS - 1 Time Zone: US Eastern Standard Time Motherboard *: Acer VA50_HC_HR Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Norton Security Suite On-access scanning disabled (Outdated) Anti-Spyware: Norton Security Suite disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Norton Security Suite disabled Internet Explorer Version: 11.0.9600.17358 Mozilla Firefox version: 32.0.3 (x86 en-US) Google Chrome version: 38.0.2125.104 Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_71 (32-bit) Flash Player version: 15.0.0.152 Shockwave Player version: 12.0.2r122 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\ADMINI~1\AppData\Local\Temp ==== 2014-10-20 18:10:17 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\libiconv2.dll 2014-10-20 18:10:17 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\libintl3.dll 2014-10-20 18:10:17 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\pcre3.dll 2014-10-20 18:10:17 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\regex2.dll 2014-10-20 18:10:17 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2014-10-12 16:54:48 E17B30D3B06DBC63E9E94DAE70290A35 787968 ----a-w- C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-10-16 03:11:43 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-10-16 03:11:32 8FA677D5F2AFE2A3F111C50D68A93542 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-16 03:11:32 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-10-16 03:11:32 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-10-15 05:50:57 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\SysWOW64\mscories.dll 2014-10-15 05:50:57 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\SysWOW64\mscorier.dll 2014-10-15 05:50:57 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\SysWOW64\dfshim.dll 2014-10-15 05:50:50 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\SysWOW64\locale.nls 2014-10-15 05:50:48 C7673B3F8BB35221B42D67BF7ADAFDFD 7168 ----a-w- C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-15 05:50:48 730B7C639957EA0BF37C1459831A1E19 6656 ----a-w- C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-15 05:50:48 72222991598E173BBE1429426926C020 7168 ----a-w- C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-15 05:50:48 45B308F20FEF040BD7321E85F69DF5E2 6656 ----a-w- C:\Windows\SysWOW64\KBDRU.DLL 2014-10-15 05:50:48 2BD0519015E899A2FF52210CC5875F88 6656 ----a-w- C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-15 05:50:40 2C5D7D6C3C3E998306F0BFD7FF7114B9 744960 ----a-w- C:\Windows\SysWOW64\blackbox.dll 2014-10-15 05:50:39 C1140AAB50F59C68394CE4C4046A9A8D 988160 ----a-w- C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 05:50:31 152FCD9B979D70FDB703A28152B634EA 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll 2014-10-15 05:50:31 089236B6EC2E6C52A1864B79A09D7690 617984 ----a-w- C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 05:50:29 F50F1EBD832CA070E1717C2044806ECF 3208704 ----a-w- C:\Windows\SysWOW64\mf.dll 2014-10-15 05:50:29 1858EF9B8A1E334AC1262D664367F451 406016 ----a-w- C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 05:50:28 9153F819C855EBD72417DAE7C176CF50 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 05:50:27 776DBF61BA3E8FA64FFA052559A29174 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 05:50:26 FDA08BEB01B0B0E372088DC21CBA73F3 3970488 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 05:50:22 623E143F2DF17C0106A9988F5D7DC878 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 05:50:21 E365C7B3EBB96451D3C9DF6B6B6900C2 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2014-10-15 05:50:21 B18B9BD51C8D86596110B9ABD138B92F 3914680 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 05:50:19 F8028D69DE63F180623D4444A39BAB3E 489984 ----a-w- C:\Windows\SysWOW64\evr.dll 2014-10-15 05:50:17 5C3BA07E215B4F693E7D78D6F4980D98 1329664 ----a-w- C:\Windows\SysWOW64\quartz.dll 2014-10-15 05:50:14 454BF1E3B844306E764ADC0EA7B6E64C 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2014-10-15 05:50:12 8C147D67D4E75882DA88206DF098229A 354816 ----a-w- C:\Windows\SysWOW64\mfplat.dll 2014-10-15 05:50:12 6BB12A7CA8779D96334B258548B071F5 1005056 ----a-w- C:\Windows\SysWOW64\cryptui.dll 2014-10-15 05:50:11 77F95AE51E834BAFE903912F7EBE825B 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 05:50:11 6B07EE9C7668D2C704563DA838026828 81408 ----a-w- C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 05:50:10 534177269B23D1999DD1FCA50A396611 504320 ----a-w- C:\Windows\SysWOW64\msscp.dll 2014-10-15 05:50:09 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 05:50:09 9590D4F5699C176217A8CA2330E54D8A 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2014-10-15 05:50:09 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 05:50:09 4F1FCBB6A312825B9A84F813E5093AE9 50688 ----a-w- C:\Windows\SysWOW64\appidapi.dll 2014-10-15 05:50:09 4BA17820B97F1CAED69E5BE5F1BC7C96 265216 ----a-w- C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 05:50:09 20257A0BFB824B49055A6EEC29C72C03 103424 ----a-w- C:\Windows\SysWOW64\mfps.dll 2014-10-15 05:50:08 E637A7187CAFB3EEEED0540CBEF27C8B 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll 2014-10-15 05:50:08 A7DD5C1F29877A473265D4B98B3495ED 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 05:50:08 73AC4B12E706CD7D0447976507E50DBE 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 05:50:08 73AC4B12E706CD7D0447976507E50DBE 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 05:50:08 52096F5F476733F2E2725CF346FF373B 2048 ----a-w- C:\Windows\SysWOW64\mferror.dll 2014-10-15 05:49:52 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 05:49:52 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-10-15 05:49:52 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 05:49:51 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 05:49:51 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 05:49:51 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 05:49:51 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-10-15 05:49:50 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-10-15 05:49:50 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 05:49:50 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 05:49:48 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-10-15 05:49:48 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 05:49:47 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 05:49:47 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-10-15 05:49:46 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 05:49:45 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-10-15 05:49:45 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 05:49:45 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-10-15 05:49:41 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 05:49:41 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-10-15 05:49:41 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-10-15 05:49:41 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 05:49:41 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 05:49:41 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-10-15 05:49:41 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 05:49:41 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-10-15 05:49:11 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll 2014-10-15 05:49:07 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\SysWOW64\rastls.dll 2014-10-15 05:48:55 3ABACF6D4EBEA5EF3014FEFA1D8FF5F8 3221504 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2014-10-15 05:48:53 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\SysWOW64\winsta.dll 2014-10-15 05:48:53 0DBD0B4D4766CADEB8C30242A0611395 1051136 ----a-w- C:\Windows\SysWOW64\mstsc.exe 2014-10-15 05:48:52 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2014-10-15 05:48:52 97896EE4254176CFDD9010B5B243B89F 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll 2014-10-15 05:48:52 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 05:48:37 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\SysWOW64\packager.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-10-15 05:51:00 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-10-15 05:50:57 50EC828370CB5F5E9FF08B10F1B701C8 73880 ----a-w- C:\Windows\Sysnative\mscories.dll 2014-10-15 05:50:57 5083CC5456FE8A5D21ECF9E32ACC779F 1943696 ----a-w- C:\Windows\Sysnative\dfshim.dll 2014-10-15 05:50:57 2D6C77A3DB3D8EE00FB55834A67E4073 156312 ----a-w- C:\Windows\Sysnative\mscorier.dll 2014-10-15 05:50:50 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\Sysnative\locale.nls 2014-10-15 05:50:48 EA21295A386C6DB2A2A90E657B37C5F4 7168 ----a-w- C:\Windows\Sysnative\KBDYAK.DLL 2014-10-15 05:50:48 BE67D99EDA34A68B827868371B5529AD 7168 ----a-w- C:\Windows\Sysnative\KBDTAT.DLL 2014-10-15 05:50:48 920B5C1CC0BAB6E574297BC3D945DA31 7168 ----a-w- C:\Windows\Sysnative\KBDBASH.DLL 2014-10-15 05:50:48 80EDA24B00478FA795F90DFA09C12E86 7168 ----a-w- C:\Windows\Sysnative\KBDRU1.DLL 2014-10-15 05:50:48 353C4A38042819CA83AEFC6F2E7051CD 6656 ----a-w- C:\Windows\Sysnative\KBDRU.DLL 2014-10-15 05:50:40 EF86A7118A3950F03B364FAC93A08E96 1202176 ----a-w- C:\Windows\Sysnative\drmv2clt.dll 2014-10-15 05:50:40 2F5AF776A7B24C6B82D20B5F3179B235 842240 ----a-w- C:\Windows\Sysnative\blackbox.dll 2014-10-15 05:50:36 73D3B2408952890DE8157EAA014B9A52 14632960 ----a-w- C:\Windows\Sysnative\wmp.dll 2014-10-15 05:50:32 FE4ABDE0BC70BF9F82531FDB416C4B4E 4120576 ----a-w- C:\Windows\Sysnative\mf.dll 2014-10-15 05:50:32 868FE3B478D05A225D27A28E933CE33C 782848 ----a-w- C:\Windows\Sysnative\wmdrmsdk.dll 2014-10-15 05:50:31 87222A707545E783D9FAE7940645A2C3 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll 2014-10-15 05:50:29 999A7FD4D9F8B1656F1167D94743E50A 457400 ----a-w- C:\Windows\Sysnative\ci.dll 2014-10-15 05:50:29 5807843607013D16EEEDC15DA4AA83E7 497664 ----a-w- C:\Windows\Sysnative\drmmgrtn.dll 2014-10-15 05:50:28 DA9AF4793B4874BE0BE28170DB890CDF 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll 2014-10-15 05:50:28 8F3FE4C327D30629266F1F0650C2E910 1574400 ----a-w- C:\Windows\Sysnative\quartz.dll 2014-10-15 05:50:28 84396ACFCF981E2CBFACD084DF1271B9 616352 ----a-w- C:\Windows\Sysnative\winresume.efi 2014-10-15 05:50:28 00B454421642EF68B7A17D2C153920E2 693176 ----a-w- C:\Windows\Sysnative\winload.efi 2014-10-15 05:50:27 D382414098819BA8A0C2A5F362A710DC 5551032 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2014-10-15 05:50:27 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\Sysnative\winload.exe 2014-10-15 05:50:27 7FC292D1527EDFEBA2576B6789DE6AB5 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll 2014-10-15 05:50:27 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\Sysnative\winresume.exe 2014-10-15 05:50:27 19D511CC455C19DE1ADF60E6C39C85B6 187904 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2014-10-15 05:50:26 F06D511B37BB101A7951A1837224B7A5 631808 ----a-w- C:\Windows\Sysnative\evr.dll 2014-10-15 05:50:24 6B381E24EC6A6519DC0A67F1DF5EF82C 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll 2014-10-15 05:50:23 08835F1772B58DE4C3AAF604760276A5 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll 2014-10-15 05:50:21 C92075D9FFC8429E6CA1279EA8D25722 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll 2014-10-15 05:50:21 81A2008198A6E450E4BC7EF361154C8A 1069056 ----a-w- C:\Windows\Sysnative\cryptui.dll 2014-10-15 05:50:19 2C1B6A64294F2182DC4999F923873974 679424 ----a-w- C:\Windows\Sysnative\audiosrv.dll 2014-10-15 05:50:17 4BE4D8091FBE4DE496B3EFBA206F29AE 432128 ----a-w- C:\Windows\Sysnative\mfplat.dll 2014-10-15 05:50:12 724EE88C7003974720087A4344331FC1 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2014-10-15 05:50:12 256390425414F90FCBC12F525A84EB11 188416 ----a-w- C:\Windows\Sysnative\pcasvc.dll 2014-10-15 05:50:11 D9A61370B40ABAA9F509113504CD8425 82432 ----a-w- C:\Windows\Sysnative\cryptsp.dll 2014-10-15 05:50:11 6F86A81133E8D468DDBE74E2A96CEA03 641024 ----a-w- C:\Windows\Sysnative\msscp.dll 2014-10-15 05:50:10 F71CA01C24FC3798A717B5A6F682F9AD 32256 ----a-w- C:\Windows\Sysnative\appidsvc.dll 2014-10-15 05:50:10 F4F4D51214FEC718D798CA4FF7629FC5 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2014-10-15 05:50:10 D179B4872554CFFD5621FD76E4469C81 325632 ----a-w- C:\Windows\Sysnative\msnetobj.dll 2014-10-15 05:50:10 01C98E5902E428D5C7EA136895FAEF4C 58880 ----a-w- C:\Windows\Sysnative\appidapi.dll 2014-10-15 05:50:09 D79539E35A0F4A1A6E5DC9A268696DC5 146944 ----a-w- C:\Windows\Sysnative\appidpolicyconverter.exe 2014-10-15 05:50:09 C15F3DF9122C70F42AC6D66CBC90918B 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll 2014-10-15 05:50:09 B86AE91A441FA81CFFF2B53F2A1BF123 17920 ----a-w- C:\Windows\Sysnative\appidcertstorecheck.exe 2014-10-15 05:50:09 AB2EB93A982A2C26BA3E4D2D65328804 24576 ----a-w- C:\Windows\Sysnative\mfpmp.exe 2014-10-15 05:50:09 A8DDFADCA566D4EA38C9DA928D14A658 126464 ----a-w- C:\Windows\Sysnative\audiodg.exe 2014-10-15 05:50:09 9797A23F773C0782A0D91BEC44054166 206848 ----a-w- C:\Windows\Sysnative\mfps.dll 2014-10-15 05:50:09 68E09E7CD4DC52F132A4B492ACE8C243 55808 ----a-w- C:\Windows\Sysnative\rrinstaller.exe 2014-10-15 05:50:09 310A2A61A5588D932002F83651188C9E 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2014-10-15 05:50:08 855056F06F3677063DB2CC51899BC216 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx 2014-10-15 05:50:08 855056F06F3677063DB2CC51899BC216 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll 2014-10-15 05:50:08 71EF970D853661A6BAFBD45C36714FEC 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL 2014-10-15 05:50:08 63578DB847FCC40883CB8F303E785D46 2048 ----a-w- C:\Windows\Sysnative\mferror.dll 2014-10-15 05:50:08 5C90E1F072AF0579620B500DA14588C3 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll 2014-10-15 05:49:55 974F83636F841739FEA5CC6219BFB241 276480 ----a-w- C:\Windows\Sysnative\generaltel.dll 2014-10-15 05:49:54 767D478BB4B2F84B47B3C0956E6A5A05 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-10-15 05:49:54 510D5492BCA9E63E10E3CE0285965722 507392 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-10-15 05:49:51 DD8E9C85F9F428859713055183661956 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-10-15 05:49:51 C109D5136DF0A6CA668C7AD888AA125F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-10-15 05:49:51 739D9C9F220CCEDAFD8212C6B976B60D 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-10-15 05:49:51 4D21F4FDF57DF86FAD9149ED1C071D15 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-10-15 05:49:51 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-10-15 05:49:47 87D14AF9A2C3F3D5233B613CFA9C321D 378552 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2014-10-15 05:49:47 0F5A279522FA6A30C9C5A297A1064933 1447936 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-10-15 05:49:46 B07E9AFF50DC007E7D5AC54736AA5A25 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-10-15 05:49:45 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-10-15 05:49:45 DAF317E9F4CEC206D0D443014A427341 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-10-15 05:49:45 45B736E3184B68515FDB71D4083A9BCF 731136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-10-15 05:49:43 0467A4DDA6B2CE8E27A8178BF035BA18 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-10-15 05:49:42 646C004F58AA4762F92BF7C595216C37 2108416 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-10-15 05:49:42 050FD78BA4EFA62417F61F4C098B5B25 2796032 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-10-15 05:49:41 BE37AA454460539877420951EEA16EF0 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-10-15 05:49:40 98241BE7EB26C41562D33393DD12608F 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-10-15 05:49:40 88D2165E07CEDC3F34CBE1A5A807673D 595968 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-10-15 05:49:40 7E60EE8A68F7270D1E1662CBA275D4FA 13619200 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-10-15 05:49:39 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-10-15 05:49:39 A2105E46DC9CE38A1D57FB124436E1BC 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-10-15 05:49:39 70527367E5779C3537992F0768D9C59A 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-10-15 05:49:38 DB101A62F9BF8E7765685950169EF52B 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-10-15 05:49:38 D3B07C2FABEAE749E4E51F1E93CABA23 5829632 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-10-15 05:49:38 328143D6BC5951E1797BD524C4E98CDC 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-10-15 05:49:38 2E5AF1507CBE735B4D7EBFF1908EA0E1 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-10-15 05:49:37 9D98D4F390F0B14A782F3B931E613A1A 2309632 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-10-15 05:49:37 30FB9ABB6C45C3299CFA5F556904DD5F 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-10-15 05:49:36 EB710A3AF29BEC4EE7475A1ED5C575DE 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-10-15 05:49:36 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-10-15 05:49:35 7415B29AFE2E4494A57358B8C7E78600 23631360 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-10-15 05:49:13 ADD3F2C3E6B89BD16D4BFC61B3658DD9 3241472 ----a-w- C:\Windows\Sysnative\msi.dll 2014-10-15 05:49:07 DD7C31F12936795C0516BB6C59CBCCD8 424448 ----a-w- C:\Windows\Sysnative\rastls.dll 2014-10-15 05:48:54 8516703179C3BDE90A3ED31B9EC16F8D 1118720 ----a-w- C:\Windows\Sysnative\mstsc.exe 2014-10-15 05:48:54 4FC4C50985E5B840F4D72E57286887B8 681984 ----a-w- C:\Windows\Sysnative\termsrv.dll 2014-10-15 05:48:54 467D0E831D6DF8DA16BF856D0537A153 3722240 ----a-w- C:\Windows\Sysnative\mstscax.dll 2014-10-15 05:48:53 C23B6D9D16FD86F446BE607CA18389D9 235520 ----a-w- C:\Windows\Sysnative\winsta.dll 2014-10-15 05:48:53 0374D83D003043E7DE33036294A2EFAE 150528 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll 2014-10-15 05:48:52 85E03B6E05939845BC924C91AEDE0E24 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-10-15 05:48:52 560CF90C026C0FE51CC6820302FF94FE 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-10-15 05:48:37 1DB68B8A1E3BDE3C19F1D3612CE436CA 77312 ----a-w- C:\Windows\Sysnative\packager.dll ====== C:\Windows\Sysnative\drivers ===== 2014-10-16 03:18:12 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-10-16 03:17:28 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-10-16 03:17:28 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-10-15 05:50:28 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys 2014-10-15 05:50:09 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2014-10-15 05:48:53 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys 2014-10-15 05:48:52 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-10-16 03:11:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Administrator\AppData\Roaming ====== 2014-10-16 03:16:52 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs 2014-10-16 03:10:35 -------- d-sh--w- C:\Users\Administrator\AppData\Local\EmieUserList 2014-10-16 03:10:35 -------- d-sh--w- C:\Users\Administrator\AppData\Local\EmieSiteList ====== C:\Users\Administrator ====== 2014-10-20 21:26:50 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Administrator\Desktop\AdwCleaner.exe 2014-10-20 18:09:47 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Administrator\Desktop\JRT.exe 2014-10-20 13:13:52 85ADECCA45B8837EBC0E6E1C98E1D105 197679 ----a-w- C:\Users\Administrator\Desktop\ListChkdskResult.exe 2014-10-16 03:11:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files == 2014-10-20 21:26:50 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Administrator\Desktop\AdwCleaner.exe 2014-10-20 18:10:17 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2014-10-20 18:09:47 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Administrator\Desktop\JRT.exe 2014-10-20 13:13:52 85ADECCA45B8837EBC0E6E1C98E1D105 197679 ----a-w- C:\Users\Administrator\Desktop\ListChkdskResult.exe 2014-10-19 14:49:45 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\Kelsey\AppData\Local\Temp\{AC76BA86-7AD7-1033-7B44-AB0000000001}\FixTransforms.exe 2014-10-18 17:34:13 FDEF10DAABBC25DFCED4A80FBED334C7 938064 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_38.0.2125.101_chrome_updater.exe 2014-10-16 16:41:38 0D41FFFB6EEFDE929CDDF5EDFCC014BD 2111488 ----a-w- C:\Users\Administrator\Desktop\malware\FRST64.exe 2014-10-16 03:11:43 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-10-16 03:11:32 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-10-16 03:11:32 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-10-16 03:08:54 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Administrator\AppData\LocalLow\Sun\Java\jre1.7.0_71\lzma.exe 2014-10-15 05:50:27 D382414098819BA8A0C2A5F362A710DC 5551032 ----a-w- C:\Windows\System32\ntoskrnl.exe 2014-10-15 05:50:27 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\System32\winload.exe 2014-10-15 05:50:27 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\System32\Boot\winload.exe 2014-10-15 05:50:27 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\System32\winresume.exe 2014-10-15 05:50:27 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\System32\Boot\winresume.exe 2014-10-15 05:50:26 FDA08BEB01B0B0E372088DC21CBA73F3 3970488 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 05:50:22 C97F0824615473C485B882E5E19CFCC9 497080 ----a-w- C:\Windows\Boot\PCAT\memtest.exe 2014-10-15 05:50:21 B18B9BD51C8D86596110B9ABD138B92F 3914680 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 05:50:10 F4F4D51214FEC718D798CA4FF7629FC5 296960 ----a-w- C:\Windows\System32\rstrui.exe 2014-10-15 05:50:09 D79539E35A0F4A1A6E5DC9A268696DC5 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe 2014-10-15 05:50:09 D5F60B28FB5F9210AD9827FEB47B1AF2 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2014-10-15 05:50:09 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 05:50:09 B86AE91A441FA81CFFF2B53F2A1BF123 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe 2014-10-15 05:50:09 AB2EB93A982A2C26BA3E4D2D65328804 24576 ----a-w- C:\Windows\System32\mfpmp.exe 2014-10-15 05:50:09 A8DDFADCA566D4EA38C9DA928D14A658 126464 ----a-w- C:\Windows\System32\audiodg.exe 2014-10-15 05:50:09 68E09E7CD4DC52F132A4B492ACE8C243 55808 ----a-w- C:\Windows\System32\rrinstaller.exe 2014-10-15 05:50:09 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 05:50:09 0786D45A6F41F075E20A18E2F7285BA0 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2014-10-15 05:50:08 E017E313FB86FDD356D3F15A7024B4F2 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe 2014-10-15 05:50:08 B56E64D20C205B219C717496E00303D0 101888 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 2014-10-15 05:50:08 AC3B58FFD38D515DE923C63C2ACDFD54 102400 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpshare.exe 2014-10-15 05:50:08 686A215E51F5FF66B529AF7AA940EAE3 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe 2014-10-15 05:49:54 D43F34B4901C499FE13798149879DCD8 161960 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2014-10-15 05:49:54 97EBB8C10D4A6CA575E3D916B25A3BEF 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2014-10-15 05:49:51 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-10-15 05:49:51 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-10-15 05:49:51 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-10-15 05:49:48 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-10-15 05:49:47 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-10-15 05:49:47 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-10-15 05:49:45 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-10-15 05:49:43 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-10-15 05:49:41 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 05:49:39 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-10-15 05:49:36 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-10-15 05:48:54 8516703179C3BDE90A3ED31B9EC16F8D 1118720 ----a-w- C:\Windows\System32\mstsc.exe 2014-10-15 05:48:53 0DBD0B4D4766CADEB8C30242A0611395 1051136 ----a-w- C:\Windows\SysWOW64\mstsc.exe === C: other files == 2014-10-20 18:10:16 FC1F36A7844235BACFE12DF3FD486026 14957 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\get.bat 2014-10-20 18:10:16 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\prelim.bat 2014-10-20 18:10:16 E5E1041DE1DBDDF20D704BA894BEAD05 183929 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\misc.bat 2014-10-20 18:10:16 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\runvalues.bat 2014-10-20 18:10:16 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\TDL4.bat 2014-10-20 18:10:16 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\medfos.bat 2014-10-20 18:10:16 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\surfvox.bat 2014-10-20 18:10:16 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\searchlnk.bat 2014-10-20 18:10:16 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\firefox.bat 2014-10-20 18:10:16 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\ev_clear.bat 2014-10-20 18:10:16 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\mws.bat 2014-10-20 18:10:16 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\ask.bat 2014-10-20 18:10:16 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\iexplore.bat 2014-10-20 18:10:16 1EFD82B5DDC672FE3D2AFE731898BAF4 14044 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\chrome.bat 2014-10-20 18:10:16 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\delfolders.bat 2014-10-16 03:18:12 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-10-16 03:17:28 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-10-16 03:17:28 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-10-15 18:30:36 5570A74FF9B1EFBC5154DD1E2F05C517 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys 2014-10-15 18:30:35 E163E10191958FF6A2B0B48353F9E9FD 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys 2014-10-15 18:30:35 9F31630D7FC2DD9D5DA1CE359AAD1F46 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys 2014-10-15 18:30:35 68E7B6708B9EEE021301C483825D05EA 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys 2014-10-15 18:30:35 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys 2014-10-15 18:30:35 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys 2014-10-15 18:30:34 2C95265BE19F338E1C1090E4E91055BB 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys 2014-10-15 18:30:34 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys 2014-10-15 05:51:00 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\System32\win32k.sys 2014-10-15 05:50:28 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys 2014-10-15 05:50:09 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\System32\drivers\appid.sys 2014-10-15 05:48:53 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2014-10-15 05:48:52 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1872342984-4112894413-1070716142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run] "Messenger"="C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe" "Facebook Update"="C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" "ooVoo.exe"="C:\Program Files (x86)\ooVoo\oovoo.exe /minimized" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "ROC_roc_ssl_v12"="C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12" "ROC_ROC_JULY_P1"="C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Broadcom Wireless Manager UI"="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "InstantUpdate"="C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 04:32 PM] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core.job --a------ C:\Users\Kelsey\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe [] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA.job --a------ C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe [02/22/2013 11:55 PM] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/28/2012 01:01 PM] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/28/2012 01:01 PM] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000Core" [C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1872342984-4112894413-1070716142-1000UA" [C:\Users\Kelsey\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"] "C:\Windows\SysNative\tasks\{38D3D146-0693-4E13-8D09-82BAC2740842}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\{3D65047E-5053-4816-866D-E87256CFAE09}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\{89EDE0C0-5811-4347-A7F9-472F7EFD2382}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\{90A55BAF-6154-492D-A20B-03FF4E2DC7AC}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\{9A53F2BC-FE26-4617-9D39-939F8B5B5089}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Processor" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [10/20/2014 05:35 PM] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ffxsbfk0.default DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash 66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] Google Voice Search Hotword (Beta) - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Norton Identity Safe - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Google Wallet - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.bing.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.bing.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=11 folders=8 21998 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Tue 10/21/2014 at 13:08:44.49 ======================