Jump to content

yosoy4ever

Honorary Members
  • Posts

    212
  • Joined

  • Last visited

Everything posted by yosoy4ever

  1. Hi Kevin: I got a call back from my internet service provider FRONTIER COMMUNICATIONS and they sent a tech over to my house and he found that my router or modem was bad, something like that ?...they replaced it for free and now I am zooming on my PC...thanks for your help, but I don't think I will need your help...once in awhile I run the malwarebytes program but that never shows any problems or anything that has to be quarantined...thanks, you can close this request out...have a nice day, Susan
  2. Hi...what can I do to check if my PC has a virus ? It all of a sudden is acting very slow and lethargic and this is not usual ? thanks for your help, Susan
  3. CAN SOMEONE PLEASE GET IN TOUCH WITH TWOHEADED EAGLE AND TELL HIM THAT EVERYTHING IS GOING CRAZY WITH MY REQUEST. ??? THANKS, SUSAN
  4. PLEASE HELP ME...SOMETHING CRAZY IS GOING ON HERE....THANK YOU...SUSAN.....PS .....PLEASE CONTACT THE ADMINISTRATOR AND TELL THEM THAT SOMETHING CRAZY IS HAPPENING HERE.AND ALL I AM DOING IS WHAT......EVERYONE IS TELLING ME TO DO..THANKS, SUSAN It looks like you already have a topic open in the Malware Removal Area HERE, please be a little patient and wait for one of the helpers to pick up your topic and the will assist you with your computer needs. Thanks for understanding. Quote Dell Precision T5600, Win7 Ultimate 64bit fully updated, Symantec Endpoint Protection, Watchguard Firewall, Intel Xeon E5-2620 CPU, Dual Six Core Processors, 16GB Ram, E5-2620 @ 2.00GHz, AMD FirePro V4900 with three screens, Raid-1 Dual 2TB Sata 10000 rpm Hard Drives DVD Burner, IE11, Opera, MBAM, MBSB, MBAE Quote this yosoy4ever Advanced Member Honorary Members 208 posts ID: 1 Posted just now · Report post something crazy is going on with this PROBLEM I am having...I just got a NOTICE from the ADMINISTRATOR THAT I AM POSTING TWO PROBLEMS....I AM JUST TRYING TO DO WHAT EVERYONE IS TELLING ME TO DO.....CAN YOU PLEASE STRAIGHTEN THIS ALL OUT ? I CANNOT DOWNLOAD FARBAR..DO YOU UNDERSTAND THAT ? PLEASE TELL ME WHAT IS GOING ON HERE, AND DELETE ANY DUPLICATE REQUEST....I AM VERY CONFUSED IN THAT I AM DOING EVERYTHING THAT "EVERYONE IS TELLING ME TO DO" ?? I AM RECEIVING INFO FROM "FIREFOX" AND THE "ADMINISTRATOR" AND FROM "DOUBLEHEADED EAGLE"....SO I REALLY DON'T KNOW WHO IS IN CHARGE OF MY PROBLEM AND WHO IS WORKING ON IT....CAN YOU PLEASE JUST HELP ME AND GET EVERYONE ON THE SAME PAGE ?? JUST LET ME KNOW WHAT YOU WANT ME TO DO NEXT...I HAVE PROVIDED THE INITIAL SCAN AND KEEP TELLING ANYONE WHO WILL LISTEN......I FOR SOME REASON CANNOT DOWNLOAD FARBAR...SO I NEED ANOTHER STRATEGY OR INSTRUCTIONS HOW TO MAKE SURE THAT I "CAN" DOWNLOAD FARBAR. IS MY PC SO CORRUPT THAT THE DOWNLOAD IS UNABLE TO BE DOWNLOADED ? THANKS FOR IMMEDIATE HELP FROM ONE OF THE THREE PARTIES AT MALWAREBYTES FORUM THAT IS TRYING TO HELP ME...REGARDS AND WAITING FOR FURTHER INSTRUCTIONS.....SUSAN Quote Edit
  5. something crazy is going on with this PROBLEM I am having...I just got a NOTICE from the ADMINISTRATOR THAT I AM POSTING TWO PROBLEMS....I AM JUST TRYING TO DO WHAT EVERYONE IS TELLING ME TO DO.....CAN YOU PLEASE STRAIGHTEN THIS ALL OUT ? I CANNOT DOWNLOAD FARBAR..DO YOU UNDERSTAND THAT ? PLEASE TELL ME WHAT IS GOING ON HERE, AND DELETE ANY DUPLICATE REQUEST....I AM VERY CONFUSED IN THAT I AM DOING EVERYTHING THAT "EVERYONE IS TELLING ME TO DO" ?? I AM RECEIVING INFO FROM "FIREFOX" AND THE "ADMINISTRATOR" AND FROM "DOUBLEHEADED EAGLE"....SO I REALLY DON'T KNOW WHO IS IN CHARGE OF MY PROBLEM AND WHO IS WORKING ON IT....CAN YOU PLEASE JUST HELP ME AND GET EVERYONE ON THE SAME PAGE ?? JUST LET ME KNOW WHAT YOU WANT ME TO DO NEXT...I HAVE PROVIDED THE INITIAL SCAN AND KEEP TELLING ANYONE WHO WILL LISTEN......I FOR SOME REASON CANNOT DOWNLOAD FARBAR...SO I NEED ANOTHER STRATEGY OR INSTRUCTIONS HOW TO MAKE SURE THAT I "CAN" DOWNLOAD FARBAR. IS MY PC SO CORRUPT THAT THE DOWNLOAD IS UNABLE TO BE DOWNLOADED ? THANKS FOR IMMEDIATE HELP FROM ONE OF THE THREE PARTIES AT MALWAREBYTES FORUM THAT IS TRYING TO HELP ME...REGARDS AND WAITING FOR FURTHER INSTRUCTIONS.....SUSAN
  6. I DON'T KNOW WHAT YOU ARE TALKING ABOUT...I POSTED ONE REQUEST AND THEN I WAS TOLD BY SOMEONE ON THE MALWAREBYTES FORUM THAT I HAD POSTED MY PROBLEM ON THE "WRONG" FORUM AND THEY TOLD ME TO RE-MY PROBLEM....WHICH I DID..SO PLEASE, WHATEVER "YOU HAVE TO DO " FIX THIS DOUBLE POST OR WHATEVER AND JUST GET ME HELP WITH MY PROBLEM. AS REGARDS THE RESPONSE FROM TWINHEADED EAGLE...PLEASE LOOK AT THE FIRST LINE OF MY POST.....ABOVE....AND YOU WILL NOTE THAT I WAS UNABLE TO DO THE FARBAR SCAN..... 3 PUP malware threats discovered - PLEASE HELP ME ! Started by edsueond, Saturday at 06:16 PM HERE BELOW IS THE MALWARBYTES scan I did, but I was unable to download the Farbar scan as directed...what do I do next ? thanks, Susan I DON'T KNOW WHAT IS GOING ON WITH THIS FORUM, BUT CAN YOU PLEASE GET EVERYONE ON THE SAME PAGE..AND GET ME SOME HELP...THANKS, Susan
  7. Hi TwinHeaded Eagle...as I wrote ABOVE, I could NOT download the Farbar Recovery Scan Tool ! i tried four times and each time it told me IT WAS NOT RESONSIVE....so I don't know what is wrong NOW with my PC that would not allow me to download what you ask...any suggestions on how to MAKE IT DOWNLOAD ? Let me know asap...thanks, Susan
  8. It seems like EVERY TIME I type in a URL address...it whirs, and whirs for awhile...and then EVENTUALLY gets to the site...It USUALLY just went to these same general sites, like hotmail.com or yahoo.com or ebay.com or msn.com VERY FAST without and WHIRRING.....I am just hopeful that I AM NOT BEING MISDIRECTED TO AND THROUGH another site or malware ?? How can I tell ? I did a speed test and here are the results: Let me know WHAT you think...thanks, Susan DOWNLOAD SPEED 14.27Mbps UPLOAD SPEED 4.7Mbps PACKET LOSS Unknown% LATENCY 31ms JITTER 4ms
  9. Kevinf80 -I ran SOPHOS and it says my COMPUTER IS CLEAN...is that all I can do ? Do you think calling my INTERNET service provider...Frontier Communications in Connecticut USA and complain of SLOW SPEEDS on my pc will help ? it seems from ALL THE SCANS you had me do...the CONDUIT error pop up has been eradicated....which of these SCANS should I continue to use weekly ? thanks for your help in this, I really appreciate it..and hopefully my PC will perform better for me with what you have helped me accomplish....regards and bye....Susan Sunday 8/14/2016 at 11:21 am edst
  10. Kevinf80 - my PC is still acting SLOW, but I am not getting any CONDUIT red X pop ups...so that is a positive. It seems like that ZEMANA might have been the best fix so far as I finally saw that CONDUIT was one of the malewares that was removed !! What happens to my system after the 15 day trial is up ? Let me know if there is anything else you can recommend as well as HOW DO I get rid of all these NEW ICONS on my desktop..thanks for your continued help. Susan
  11. kevinf80 - I next did a DEEP SCAN even though you did not direct me to, and I found additional PROBLEMS....so here is THAT log too...thanks, susan Zemana AntiMalware 2.21.2.465 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/8/13 Operating System : Windows 7 64-bit Processor : 2X Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz BIOS Mode : Legacy CUID : 128714BB8CE2635B89832C Scan Type : Deep Scan Duration : 19m 48s Scanned Objects : 136654 Detected Objects : 4 Excluded Objects : 0 Read Level : SCSI Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- CouponPrinter.ocx Status : Scanned Object : %systemroot%\couponprinter.ocx MD5 : CE0F193FE18CE21432B435EE4B1A077F Publisher : Coupons, Inc. Size : 444520 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Related Objects : File - %systemroot%\couponprinter.ocx npMozCouponPrinter.dll Status : Scanned Object : %programfiles%\google\chrome\application\plugins\npmozcouponprinter.dll MD5 : B12E8BD446DC6CB9F3D4C7F54EB98DD9 Publisher : Coupons, Inc. Size : 247912 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Es Cleaning Action : Quarantine Related Objects : File - %programfiles%\google\chrome\application\plugins\npmozcouponprinter.dll npMozCouponPrinter.dll Status : Scanned Object : %programw6432%\mozilla firefox\plugins\npmozcouponprinter.dll MD5 : B12E8BD446DC6CB9F3D4C7F54EB98DD9 Publisher : Coupons, Inc. Size : 247912 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Es Cleaning Action : Quarantine Related Objects : File - %programw6432%\mozilla firefox\plugins\npmozcouponprinter.dll npCouponPrinter.dll Status : Scanned Object : %programw6432%\mozilla firefox\plugins\npcouponprinter.dll MD5 : FCB02678C3397912210F8F68A8CCC121 Publisher : Coupons, Inc. Size : 247912 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Related Objects : File - %programw6432%\mozilla firefox\plugins\npcouponprinter.dll Cleaning Result ------------------------------------------------------- Cleaned : 4 Reported as safe : 0 Failed : 0
  12. kevinf80 - i think i figured it out by saving everything to my DESKTOP !! Here is the log you requested. thanks, Susan Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01 Ran by admin (2016-08-12 17:37:28) Run:2 Running from C:\Users\admin\Downloads Loaded Profiles: admin (Available Profiles: admin) Boot Mode: Normal ============================================== fixlist content: ***************** Start Hosts: CMD: ipconfig /flushdns EmptyTemp: end ***************** C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 16777216 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6478388 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 0 B Edge => 0 B Chrome => 427088488 B Firefox => 786432 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 0 B systemprofile32 => 128 B LocalService => 0 B NetworkService => 0 B admin => 54259 B RecycleBin => 0 B EmptyTemp: => 430.3 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 17:37:32 ==== Here is the REQUESTED LOG....THANKS and i look forward to your next instruction...Susan Zemana AntiMalware 2.21.2.465 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/8/13 Operating System : Windows 7 64-bit Processor : 2X Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz BIOS Mode : Legacy CUID : 128714BB8CE2635B89832C Scan Type : Smart Scan Duration : 2m 36s Scanned Objects : 14933 Detected Objects : 3 Excluded Objects : 0 Read Level : SCSI Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Chrome Startup Url Status : Scanned Object : http://search.conduit.com/?gd=&ctid=CT3328460&octid=EB_ORIGINAL_CTID&ISID=M8FE94CEC-F338-4064-8E29-2C6D07914328&SearchSource=55&CUI=&UM=5&UP=SPB52400FF-87D0-4E70-9789-43B3DE37BB8E&SSPV= MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Chrome Startup Url CouponPrinterCPS.exe Status : Scanned Object : %userprofile%\downloads\couponprintercps.exe MD5 : 5EAA571CEED177142F8111B1FC68E6E3 Publisher : Coupons, Inc. Size : 3030672 Version : 5.0.1.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\couponprintercps.exe couponprinter_x64.ocx Status : Scanned Object : %systemroot%\couponprinter_x64.ocx MD5 : 459D396792ECF523870DBDED8C263E0B Publisher : Coupons, Inc. Size : 659048 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Related Objects : File - %systemroot%\couponprinter_x64.ocx Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\@ = C:\Windows\couponprinter_x64.ocx Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\Windows\couponprinter_x64.ocx Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\InprocServer32\@ = C:\Windows\couponprinter_x64.ocx Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\@ = C:\Windows\couponprinter_x64.ocx Cleaning Result ------------------------------------------------------- Cleaned : 3 Reported as safe : 0 Failed : 0
  13. kevinf80 - i think i figured it out by saving everything to my DESKTOP !! Here is the log you requested. thanks, Susan Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01 Ran by admin (2016-08-12 17:37:28) Run:2 Running from C:\Users\admin\Downloads Loaded Profiles: admin (Available Profiles: admin) Boot Mode: Normal ============================================== fixlist content: ***************** Start Hosts: CMD: ipconfig /flushdns EmptyTemp: end ***************** C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 16777216 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6478388 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 0 B Edge => 0 B Chrome => 427088488 B Firefox => 786432 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 0 B systemprofile32 => 128 B LocalService => 0 B NetworkService => 0 B admin => 54259 B RecycleBin => 0 B EmptyTemp: => 430.3 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 17:37:32 ====
  14. Hello Kevin...is something gone wrong ? I have not heard from you in over 20 hours ? Please let me know what to do next as my PC is still running very, very slow. thanks, Susan
  15. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01 Ran by admin (2016-08-11 11:15:18) Running from C:\Users\admin\Downloads Windows 7 Professional Service Pack 1 (X64) (2015-12-05 20:48:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= admin (S-1-5-21-1349422086-3594093139-2326080880-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1349422086-3594093139-2326080880-500 - Administrator - Disabled) Guest (S-1-5-21-1349422086-3594093139-2326080880-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated) D-Link RangeBooster N DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Mozilla Firefox 47.0 (x64 en-US) (HKLM\...\Mozilla Firefox 47.0 (x64 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) Norton 360 (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation) P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis) P@H-Protocol (HKLM-x32\...\{C24A3361-4C8A-4779-A3F3-BCD5BCD574CB}) (Version: 3.0.8.9 - Valassis) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {025F8DF4-64D8-4607-91E2-8DB721E113D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-02] (Google Inc.) Task: {0FE85E4B-4EFA-4382-975F-B67EA662093C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate [Argument = -crl -hms -pscn 15] Task: {1772C1B6-9A28-478B-A854-0E9FE31F06F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate [Argument = $(Arg0)] Task: {22B11E09-3C3D-4AED-B242-8B023B012CD6} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {26461CE5-7331-4AE8-9FF7-C95903FD36C1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-06-16] (Symantec Corporation) Task: {27848D06-8774-4E6E-A428-1F03608126A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-02] (Google Inc.) Task: {573C0539-0DBF-4B96-A5E3-758135DACF90} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2015-03-17] () Task: {5932453D-3E20-40D4-B670-F14FCF1D6960} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation) Task: {8391C23E-1E81-4510-B20B-7717618CA5D0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec [Argument = /StartRecording] Task: {8DBEC97D-7CA8-496C-8787-B4E92F3BDC92} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-03-17] (Symantec) Task: {AA82EAFE-BD09-4B37-B1FE-DE03F127624D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec [Argument = /RestartRecording] Task: {B071FC9F-B6E6-48F7-90DF-D9DE1E73628A} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-03-17] (Symantec) Task: {CB0E5F5E-152D-449E-A8C6-E94732975416} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {CDFDABC5-84A8-497F-A291-040A410BF7C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {E70F4A64-BA25-4DE8-8FEC-E22F49AD639D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe Task: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-01-02 17:59 - 2009-07-08 00:10 - 00151552 _____ () C:\Windows\SysWOW64\ANIWConnService.exe 2016-01-02 17:58 - 2009-06-01 18:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll 2016-01-02 19:17 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2016-01-02 19:17 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2016-01-02 17:59 - 2009-06-01 18:23 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll 2016-08-04 20:44 - 2016-08-02 19:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [169] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1349422086-3594093139-2326080880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{169A1762-6872-488E-915C-262671078A5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{02A71B41-5ADA-42B7-9CA0-3FC493B9672B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5C257304-6275-41F8-893F-3BCC7101FF16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 09-08-2016 15:30:53 VRQTool v5.0.22.270 09-08-2016 15:37:32 Created by Norton Utilities 09-08-2016 18:48:10 Created by Norton Utilities 10-08-2016 14:39:20 Created by Norton Utilities 10-08-2016 15:29:57 Created by Norton Utilities 10-08-2016 17:47:59 Created by Norton Utilities 10-08-2016 20:38:58 Installed Sophos Virus Removal Tool. ==================== Faulty Device Manager Devices ============= Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2016 05:48:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/10/2016 03:31:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/10/2016 02:40:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/09/2016 06:49:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) System errors: ============= Error: (08/10/2016 05:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (08/10/2016 05:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/10/2016 05:46:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Norton Utilities 16 Start Manager Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/10/2016 05:46:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ANIWConn Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/10/2016 05:46:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (08/10/2016 01:57:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ANIWConn Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/09/2016 06:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/09/2016 06:47:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (08/09/2016 03:48:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ANIWConn Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/08/2016 02:02:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 34% Total physical RAM: 3991.25 MB Available physical RAM: 2605.15 MB Total Virtual: 7980.68 MB Available Virtual: 5452.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:200.73 GB) NTFS Drive e: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:6.91 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6713CB91) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.2 GB) (Disk ID: 41AA157C) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ==================== End of Addition.txt ============================ Start Hosts: CMD: ipconfig /flushdns EmptyTemp: end the SOPHUS virus removal tool said: Scan results - your computer is clean; Number of threats found = 0. For some reason I WAS UNABLE TO do the fxlst command you said for me to do above. This is what popped up on my screen...but then I didn't know what to do ...please advise. My PC is STILL ACTING very lethargic and slow...I don't know what else to do....I HAVE not gotten any more of those Symantic error pop ups telling me that CONDUIT is blocking a site...so I need any additional info or assistance you can think of..thanks,,,Susan
  16. --------------------------------------------------------------------------------------- kevingf80 - MY PC is acting very, very slow and that is UNUSUAL. Is Conduit buried in my PC somewhere as I kept getting SYMANTEC ERROR MESSAGES saying something about the websites I was accessing were NOT GOOD and being prohibited by my Norton from me entering it ? Also, when i ran malewarebytes the first time, that is when I saw the CONDUIT notice and QUARANTINED IT....does that GET RID OF IT ? Here are the logs below you requested and I look forward to your next instruction. thanks, Susan Wed. 8/10/16 at 6:13 pm edst Microsoft Windows Malicious Software Removal Tool v5.39, August 2016 (build 5.39.12900.0) Started On Wed Aug 10 17:56:41 2016 Engine: 1.1.12902.0 Signatures: 1.225.2592.0 Run Mode: Interactive Graphical Mode --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.39, August 2016 (build 5.39.12900.0) Started On Wed Aug 10 18:01:00 2016 Engine: 1.1.12902.0 Signatures: 1.225.2592.0 Run Mode: Interactive Graphical Mode # AdwCleaner v5.201 - Logfile created 10/08/2016 at 17:46:13 # Updated 30/06/2016 by ToolsLib # Database : 2016-08-10.2 [Server] # Operating system : Windows 7 Professional Service Pack 1 (X64) # Username : admin - ADMIN-PC # Running from : C:\Users\admin\Downloads\AdwCleaner.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** [-] Service Deleted : CouponPrinterService ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons [-] Folder Deleted : C:\Program Files (x86)\Coupons [-] Folder Deleted : C:\Program Files (x86)\Yahoo!\yset [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil [-] Folder Deleted : C:\Users\admin\AppData\Local\YSearchUtil ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [1655 bytes] - [10/08/2016 17:46:13] C:\AdwCleaner\AdwCleaner[S1].txt - [1652 bytes] - [10/08/2016 17:45:03] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1801 bytes] ##########
  17. kevinf80 - here are the logs you asked for. I look forward to your next instruction. thanks, Susan Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2016 Ran by admin (2016-08-10 15:04:40) Running from C:\Users\admin\Downloads Windows 7 Professional Service Pack 1 (X64) (2015-12-05 20:48:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= admin (S-1-5-21-1349422086-3594093139-2326080880-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1349422086-3594093139-2326080880-500 - Administrator - Disabled) Guest (S-1-5-21-1349422086-3594093139-2326080880-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated) D-Link RangeBooster N DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Mozilla Firefox 47.0 (x64 en-US) (HKLM\...\Mozilla Firefox 47.0 (x64 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) Norton 360 (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation) P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis) P@H-Protocol (HKLM-x32\...\{C24A3361-4C8A-4779-A3F3-BCD5BCD574CB}) (Version: 3.0.8.9 - Valassis) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {025F8DF4-64D8-4607-91E2-8DB721E113D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-02] (Google Inc.) Task: {22B11E09-3C3D-4AED-B242-8B023B012CD6} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {26461CE5-7331-4AE8-9FF7-C95903FD36C1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-06-16] (Symantec Corporation) Task: {27848D06-8774-4E6E-A428-1F03608126A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-02] (Google Inc.) Task: {573C0539-0DBF-4B96-A5E3-758135DACF90} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2015-03-17] () Task: {5932453D-3E20-40D4-B670-F14FCF1D6960} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation) Task: {8DBEC97D-7CA8-496C-8787-B4E92F3BDC92} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-03-17] (Symantec) Task: {B071FC9F-B6E6-48F7-90DF-D9DE1E73628A} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-03-17] (Symantec) Task: {CB0E5F5E-152D-449E-A8C6-E94732975416} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {CDFDABC5-84A8-497F-A291-040A410BF7C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {E70F4A64-BA25-4DE8-8FEC-E22F49AD639D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe Task: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-01-02 17:59 - 2009-07-08 00:10 - 00151552 _____ () C:\Windows\SysWOW64\ANIWConnService.exe 2016-01-02 17:58 - 2009-06-01 18:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll 2016-01-02 19:17 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2016-01-02 19:17 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2016-01-02 17:59 - 2009-06-01 18:23 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll 2016-08-04 20:44 - 2016-08-02 19:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [169] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1349422086-3594093139-2326080880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{169A1762-6872-488E-915C-262671078A5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{02A71B41-5ADA-42B7-9CA0-3FC493B9672B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5C257304-6275-41F8-893F-3BCC7101FF16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 09-08-2016 15:30:53 VRQTool v5.0.22.270 09-08-2016 15:37:32 Created by Norton Utilities 09-08-2016 18:48:10 Created by Norton Utilities 10-08-2016 14:39:20 Created by Norton Utilities ==================== Faulty Device Manager Devices ============= Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2016 02:40:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/09/2016 06:49:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/09/2016 06:47:50 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (08/10/2016 01:57:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ANIWConn Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/09/2016 06:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/09/2016 06:47:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (08/09/2016 03:48:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ANIWConn Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/08/2016 02:02:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (08/08/2016 02:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems. Error: (08/08/2016 01:59:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems. Error: (08/06/2016 01:05:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ANIWConn Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/06/2016 01:00:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems. Error: (08/06/2016 12:41:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 40% Total physical RAM: 3991.25 MB Available physical RAM: 2372.27 MB Total Virtual: 7980.68 MB Available Virtual: 6024.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:203.14 GB) NTFS Drive e: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:6.91 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6713CB91) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.2 GB) (Disk ID: 41AA157C) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2016 Ran by admin (administrator) on ADMIN-PC (10-08-2016 15:04:08) Running from C:\Users\admin\Downloads Loaded Profiles: admin (Available Profiles: admin) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Windows\SysWOW64\ANIWConnService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\conathst.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Wireless Service) C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.) HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106072 2015-03-17] (Symantec Corporation) HKU\S-1-5-21-1349422086-3594093139-2326080880-1000\...\Policies\Explorer: [NoInstrumentation] 1 ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{B91438F6-BE6F-4A59-829C-1080D4E6D097}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-05] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-05] (Oracle Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-05] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKU\S-1-5-21-1349422086-3594093139-2326080880-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\q417jq7i.default-1470770496988 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-05] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-01-10] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-01-10] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2015-09-18] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.) FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon [2016-06-16] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-02] CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02] CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02] CHR Extension: (Norton Security Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-05] CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02] CHR Extension: (Norton Home Page for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-08-09] CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02] CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31] CHR Extension: (Norton Identity Safe) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-02] CHR Extension: (Google Hangouts) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-01-02] CHR Extension: (Norton Safe) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10] CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02] CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-05] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-20] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-20] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ANIWConnService; C:\Windows\SysWOW64\ANIWConnService.exe [151552 2009-07-08] () [File not signed] R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.) S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150552 2015-03-17] (Symantec Corporation) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation) R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795736 2015-03-17] (PC Tools) S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163864 2015-03-17] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\BASHDefs\20160802.002\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation) R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20160809.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation) R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-06] (Ralink Technology Corp.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-15] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\SDSDefs\20160616.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\SDSDefs\20160616.002\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-10 15:04 - 2016-08-10 15:04 - 00014892 _____ C:\Users\admin\Downloads\FRST.txt 2016-08-10 15:03 - 2016-08-10 15:04 - 00000000 ____D C:\FRST 2016-08-10 15:03 - 2016-08-10 15:03 - 02393600 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe 2016-08-10 14:34 - 2016-08-10 14:34 - 00001096 _____ C:\mban file on wed 8 10 2016 requested by kevinf80.txt 2016-08-10 14:22 - 2016-08-10 14:22 - 00001031 _____ C:\Users\admin\Documents\rkill log wed 8 10 2016 first run per kevinf80 request.txt 2016-08-10 14:07 - 2016-08-10 14:07 - 22851472 _____ (Malwarebytes ) C:\Users\admin\Downloads\mbam-setup-2.2.1.1043 (1).exe 2016-08-10 14:02 - 2016-08-10 14:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill (1).exe 2016-08-10 13:57 - 2016-08-10 14:21 - 00002416 _____ C:\Users\admin\Desktop\Rkill.txt 2016-08-10 13:56 - 2016-08-10 13:57 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe 2016-08-10 12:31 - 2016-08-10 12:35 - 00000000 ____D C:\Users\admin\AppData\Local\NPE 2016-08-09 18:38 - 2016-08-09 18:38 - 01596968 _____ (LogMeIn, Inc.) C:\Users\admin\Downloads\Support-LogMeInRescue (2).exe 2016-08-09 18:38 - 2016-08-09 18:38 - 01596968 _____ (LogMeIn, Inc.) C:\Users\admin\Downloads\Support-LogMeInRescue (1).exe 2016-08-09 15:48 - 2016-08-09 15:48 - 00007091 _____ C:\Users\admin\Documents\NORTON CHAT RE CONDUIT 8 9 2016.txt 2016-08-09 15:39 - 2016-08-09 15:39 - 00000000 ____D C:\ProgramData\vrq_logs 2016-08-09 15:26 - 2016-08-09 15:26 - 00003710 _____ C:\Users\admin\Documents\bookmark.htm 2016-08-09 15:22 - 2016-08-09 15:22 - 00172270 _____ C:\Users\admin\Documents\bookmarks_8_9_16.html 2016-08-09 15:21 - 2016-08-09 15:21 - 00027345 _____ C:\Users\admin\Documents\bookmarks.html 2016-08-09 15:21 - 2016-08-09 15:21 - 00000000 ____D C:\Users\admin\Desktop\Old Firefox Data 2016-08-09 15:13 - 2016-08-09 15:39 - 00000000 ____D C:\ProgramData\Norton VRQ 2016-08-09 15:12 - 2016-08-09 15:12 - 02524768 _____ (Symantec Corporation ) C:\Users\admin\Downloads\VRQ_Installer.exe 2016-08-09 15:05 - 2016-08-09 15:05 - 01596968 _____ (LogMeIn, Inc.) C:\Users\admin\Downloads\Support-LogMeInRescue.exe 2016-08-08 15:54 - 2016-08-08 15:54 - 00987728 _____ (Google Inc.) C:\Users\admin\Downloads\ChromeSetup.exe 2016-08-08 12:02 - 2016-08-08 12:02 - 00001892 _____ C:\Users\admin\Documents\cc_20160808_120234.reg 2016-08-05 13:03 - 2016-08-05 13:03 - 00055643 _____ C:\Users\admin\Downloads\-documents-form-aa_claim_form.pdf 2016-08-05 13:03 - 2016-08-05 13:03 - 00055643 _____ C:\Users\admin\Downloads\-documents-form-aa_claim_form (1).pdf 2016-08-05 11:26 - 2016-08-05 11:25 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-08-05 10:45 - 2016-08-05 10:45 - 00003500 _____ C:\Users\admin\Documents\cc_20160805_104522.reg 2016-08-05 10:41 - 2016-08-05 10:41 - 00000442 _____ C:\Users\admin\Documents\DUNN NC WEDDING MAP OCTOBER 2016 ADDRESSES OF IMPORTANCE.txt 2016-08-05 09:57 - 2016-08-05 09:59 - 00000000 ____D C:\95ab966681260710a7072e355e26 2016-08-05 09:31 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-08-05 09:31 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-08-05 09:31 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-08-05 09:30 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-05 09:30 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-05 09:30 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-05 09:30 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-05 09:30 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2016-08-05 09:30 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-05 09:30 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-08-05 09:30 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-05 09:30 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-05 09:30 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-05 09:30 - 2016-05-12 11:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe 2016-08-05 09:30 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-05 09:30 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-08-05 09:30 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-08-05 09:30 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-05 09:30 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-08-05 09:30 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-05 09:30 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-05 09:30 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll 2016-08-05 09:30 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-05 09:30 - 2016-05-12 10:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe 2016-08-05 09:30 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-05 09:30 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-05 09:30 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-08-05 09:30 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-08-05 09:30 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-08-05 09:30 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-08-05 09:30 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-08-05 09:30 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-08-05 09:30 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-08-05 09:30 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-08-05 09:30 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-08-05 09:30 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-08-05 09:30 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-08-05 09:30 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-08-05 09:30 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-08-05 09:30 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-08-05 09:30 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-08-05 09:30 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-08-05 09:30 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-08-05 09:30 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-08-05 09:30 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-08-05 09:30 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-08-05 09:30 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-08-05 09:30 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-08-05 09:30 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-08-05 09:30 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2016-08-05 09:30 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2016-08-05 09:30 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-08-05 09:30 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-08-05 09:30 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2016-08-05 09:30 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2016-08-05 09:30 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2016-08-05 09:30 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-08-05 09:30 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-08-05 09:30 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2016-08-05 09:30 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2016-08-05 09:30 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2016-08-05 09:29 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-08-05 09:29 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-08-05 09:29 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-08-05 09:29 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-08-05 09:29 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2016-08-05 09:29 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2016-08-05 09:29 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2016-08-05 09:29 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-08-05 09:29 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2016-08-05 09:29 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2016-08-05 09:29 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2016-08-05 09:29 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2016-08-05 09:29 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-08-05 09:29 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-08-05 09:29 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-08-05 09:29 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-08-05 09:29 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-08-05 09:29 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-08-05 09:29 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-08-05 09:29 - 2016-06-14 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-05 09:29 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-08-05 09:29 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-08-05 09:29 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-08-05 09:29 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-08-05 09:29 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-08-05 09:29 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-08-05 09:29 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-08-05 09:29 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-08-05 09:29 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-08-05 09:29 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-08-05 09:29 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-08-05 09:29 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-08-05 09:29 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-05 09:29 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-05 09:29 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-08-05 09:29 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-08-05 09:29 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-08-05 09:29 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-08-05 09:29 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2016-08-05 09:29 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2016-08-05 09:29 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2016-08-05 09:29 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll 2016-08-05 09:29 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2016-08-05 09:29 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe 2016-08-05 09:29 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-08-05 09:29 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-08-05 09:29 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-08-05 09:29 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-08-05 09:29 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-08-05 09:29 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2016-08-05 09:29 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2016-08-05 09:29 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2016-08-05 09:29 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-08-05 09:29 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-08-05 09:29 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-08-05 09:29 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-08-05 09:29 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-08-05 09:29 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-08-05 09:29 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-08-05 09:29 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-08-05 09:29 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-08-05 09:29 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-08-05 09:29 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-08-05 09:29 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-08-05 09:29 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-08-05 09:29 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-08-05 09:29 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-08-05 09:29 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-08-05 09:29 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-08-05 09:29 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-08-05 09:29 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-08-05 09:29 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-08-05 09:29 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-08-05 09:29 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-08-05 09:29 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-08-05 09:29 - 2016-02-05 15:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2016-08-05 09:29 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2016-08-05 09:29 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-08-05 09:29 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll 2016-08-05 09:29 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-08-05 09:29 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-08-05 09:29 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-08-05 09:29 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-08-05 09:29 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2016-08-05 09:29 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2016-08-05 09:29 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2016-08-05 09:29 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2016-08-05 09:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2016-08-05 09:13 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-08-05 09:13 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-08-05 09:13 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-08-05 09:13 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-08-05 09:13 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-08-05 09:13 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-08-05 09:13 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-08-05 09:13 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-08-05 09:13 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-08-05 09:13 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-08-05 09:13 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-08-05 09:13 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-08-05 09:13 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-08-05 09:13 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-08-04 21:06 - 2016-08-04 21:06 - 00004421 _____ C:\Users\admin\Documents\IHG CHAT RE LISBON TRIP AND RESERVATION ON SEPT 1 2016 AND REQUESTED CHANGE WITH GODFREY.txt 2016-08-03 18:46 - 2016-08-03 18:46 - 02167752 _____ (Valassis) C:\Users\admin\Downloads\P@H_prod308-lQvqvyb3.exe 2016-07-28 11:54 - 2016-07-28 11:54 - 00013515 _____ C:\Users\admin\Downloads\X414d5120514552504d51303120202020577f93aa262e2d79.pdf 2016-07-28 11:54 - 2016-07-28 11:54 - 00013515 _____ C:\Users\admin\Downloads\X414d5120514552504d51303120202020577f93aa262e2d79 (2).pdf 2016-07-28 11:54 - 2016-07-28 11:54 - 00013515 _____ C:\Users\admin\Downloads\X414d5120514552504d51303120202020577f93aa262e2d79 (1).pdf 2016-07-24 09:42 - 2016-07-24 09:42 - 08136664 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup520.exe 2016-07-22 12:52 - 2016-07-22 12:52 - 00000842 _____ C:\Users\admin\Documents\SEO EXPRESS SCRIPTS JULY 21 2016 INFO FOR HER PRESCRIPTION COSTS DIFFERING.txt 2016-07-13 11:51 - 2016-07-13 11:51 - 07991656 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup519 (2).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-10 14:46 - 2016-01-02 18:04 - 00003284 _____ C:\Windows\SysWOW64\ANIWZCS{B91438F6-BE6F-4A59-829C-1080D4E6D097} 2016-08-10 14:46 - 2016-01-02 18:04 - 00003284 _____ C:\Users\admin\AppData\Roaming\ANIWZCS{B91438F6-BE6F-4A59-829C-1080D4E6D097} 2016-08-10 14:46 - 2009-07-14 00:45 - 00022288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-10 14:46 - 2009-07-14 00:45 - 00022288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-10 14:41 - 2016-04-03 13:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-10 14:40 - 2016-01-18 12:53 - 00000282 _____ C:\Windows\Tasks\NUSchedule.job 2016-08-10 14:40 - 2016-01-18 12:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Norton Utilities 16 2016-08-10 14:40 - 2016-01-18 12:50 - 00000000 ____D C:\ProgramData\TEMP 2016-08-10 14:38 - 2016-01-18 13:59 - 00000000 ____D C:\Users\admin\AppData\Local\LogMeIn Rescue Applet 2016-08-10 14:38 - 2016-01-18 12:53 - 00000288 _____ C:\Windows\Tasks\NUAutoUpdate.job 2016-08-10 14:38 - 2016-01-02 15:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-10 14:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-10 14:34 - 2016-01-15 10:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-10 14:33 - 2016-01-02 15:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-10 12:31 - 2016-01-02 14:08 - 00000000 ____D C:\ProgramData\Norton 2016-08-10 05:53 - 2016-03-03 17:51 - 00000330 _____ C:\Windows\Tasks\SpeedDiskSchedule.job 2016-08-09 18:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-08-09 14:48 - 2016-01-02 19:13 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-08-06 09:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2016-08-05 11:26 - 2016-01-04 12:42 - 00000000 ____D C:\Program Files\Java 2016-08-05 11:26 - 2016-01-03 14:52 - 00000000 ____D C:\Program Files (x86)\Java 2016-08-05 11:26 - 2016-01-02 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-08-05 11:26 - 2016-01-02 18:11 - 00000000 ____D C:\ProgramData\Oracle 2016-08-05 11:25 - 2016-01-04 12:42 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-08-05 11:25 - 2016-01-02 18:11 - 00000000 ____D C:\Users\admin\.oracle_jre_usage 2016-08-05 11:24 - 2016-04-03 13:06 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-08-05 10:59 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-05 10:51 - 2016-01-21 10:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-08-05 10:51 - 2016-01-21 10:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-08-05 10:51 - 2009-07-14 00:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-05 10:48 - 2016-01-10 06:56 - 00000000 ____D C:\Windows\system32\appraiser 2016-08-05 10:48 - 2011-04-12 03:51 - 00000000 ____D C:\Program Files\Windows Journal 2016-08-05 09:55 - 2016-01-21 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-08-05 09:53 - 2016-01-13 20:17 - 00000000 ____D C:\Windows\system32\MRT 2016-08-05 09:41 - 2016-01-13 20:17 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-04 20:45 - 2016-01-02 15:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-04 20:45 - 2016-01-02 15:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-07-28 20:28 - 2016-01-02 15:42 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-28 20:28 - 2016-01-02 15:42 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-24 09:43 - 2016-01-03 16:26 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-07-22 13:39 - 2016-04-30 13:13 - 01261568 _____ C:\Users\admin\s-1-5-21-1349422086-3594093139-2326080880-1000.rrr 2016-07-22 13:39 - 2016-04-30 13:13 - 00897024 _____ C:\Windows\system32\config\default.rrr 2016-07-22 13:39 - 2016-04-30 13:11 - 64770048 _____ C:\Windows\system32\config\software.rrr 2016-07-22 13:39 - 2015-12-05 16:48 - 00000000 ____D C:\Users\admin 2016-07-14 21:34 - 2016-01-15 10:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-14 21:34 - 2016-01-15 10:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-14 21:34 - 2016-01-15 10:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-12 18:34 - 2016-01-15 10:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-12 18:34 - 2016-01-15 10:26 - 00000000 ____D C:\Windows\system32\Macromed ==================== Files in the root of some directories ======= 2016-01-02 18:00 - 2016-01-02 18:02 - 0000258 _____ () C:\Users\admin\AppData\Roaming\ANICONFIG_{B91438F6-BE6F-4A59-829C-1080D4E6D097}.ini 2016-01-02 18:04 - 2016-08-10 14:46 - 0003284 _____ () C:\Users\admin\AppData\Roaming\ANIWZCS{B91438F6-BE6F-4A59-829C-1080D4E6D097} ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-06 09:47 http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/10/2016 02:03:06 PM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual * TBS [Missing Service] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 08/10/2016 02:03:17 PM Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s) ==================== End of FRST.txt ============================ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/10/2016 Scan Time: 2:14 PM Logfile: mban file on wed 8 10 2016 requested by kevinf80.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.08.10.10 Rootkit Database: v2016.08.09.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: admin Scan Type: Threat Scan Result: Completed Objects Scanned: 288256 Time Elapsed: 12 min, 22 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  18. I ran the malewarebytes scan and was advised that ONE file was found that was suspected maleware and it was Conduit. What do I need to do to eradicate CONDUIT from my PC ? Please let me know if you can HELP ME and I thank you for your help in advance. Susan
  19. Hi..here is the Addition.txt log that was requested. thank you for your help asap. Sue Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015 Ran by NewDesktop_3_2010 (2016-01-01 13:54:00) Running from C:\Users\NewDesktop_3_2010\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2010-03-17 02:05:21) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled) NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft) CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant) CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell System Detect (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc) Elevated Installer (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - ) ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.) Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET) IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - ) IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - ) IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech) Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company) Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - ) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony) Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony) Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony) Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.) Memeo Backup (HKLM-x32\...\{82B2DB92-98CA-4a0e-B1BD-18B6E2D320CB}) (Version: - Memeo Inc.) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation) Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation) novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland) OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden oneworld Flight Map (HKLM-x32\...\com.innovatallc.FlightMapsDesktop.onw.EN) (Version: 8.2.19 - INNOVATA LLC) oneworld Flight Map (x32 Version: 8.2.19 - INNOVATA LLC) Hidden oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - ) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC) Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - ) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio) Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.) SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - ) TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc) TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax Deluxe 2004 (HKLM-x32\...\TurboTax Deluxe 2004) (Version: - ) TurboTax Deluxe 2005 (HKLM-x32\...\TurboTax Deluxe 2005) (Version: - ) TurboTax Deluxe 2007 (HKLM-x32\...\TurboTax Deluxe 2007) (Version: - ) TurboTax Deluxe Deduction Maximizer 2006 (HKLM-x32\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - ) TurboTax ItsDeductible 2006 (HKLM-x32\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit) Twacker 64 (HKLM\...\{1220ED8B-4383-4AD8-8C8D-B39801DF58D3}) (Version: 2.0.1 - TWAIN Working Group) VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team) VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - ) Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - ) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00145480-82F8-41DE-9C77-54306EE61ABE} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2015-03-17] () Task: {0AD636A0-9C90-4384-906A-349CE863D196} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 Task: {0F49EE9C-82AC-4750-8A30-A5FAB7442C04} - System32\Tasks\{2FFC9F47-8A84-47C8-946F-AD71D943D5EC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {15139ED9-268D-478B-988E-FC4F2D613DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {1DC2812C-13DF-43D6-B9A7-773FB601E505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {21B4C4CF-7E9A-4918-9478-9B06D65E9A64} - System32\Tasks\{2F2DD988-9046-4D6D-A6AF-367DB9F1B4B6} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.) Task: {2546A9C5-E8F4-43D3-9FAC-F0E9C1D3B02C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-11-23] (Symantec Corporation) Task: {287EEC02-1DED-4B6B-BA15-DBFF56C8E754} - System32\Tasks\{39CE76CA-A8D9-4BC9-8BBC-6BD235E4B3EF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {2EA72069-9960-49C4-8E8A-0F7E8947ABA6} - System32\Tasks\{72CA87D4-B7D0-4568-8D70-4FB453AA42BA} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exe Task: {2F11347E-CDFD-4967-AB94-9CC7456ED365} - System32\Tasks\{0F1B7710-8B1D-4956-8B60-1FF64002665F} => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-03-17] (Symantec) Task: {2F6F4E97-72DC-4266-8006-19A1D865457C} - System32\Tasks\DISK CLEANUP => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation) Task: {32AE6E00-7117-499B-9DDA-DAF3A82050EE} - System32\Tasks\{E44CB91F-1D82-4E8F-85B1-E42E2C911234} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {34E8EF47-0965-4E7E-AC56-9493F796B981} - System32\Tasks\{E524A493-536C-4629-8323-9861D258CEFA} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}\setup.exe" -c -runfromtemp -l0x0409 Task: {3806A751-7493-4193-A4B8-B05FFAF16BDF} - System32\Tasks\{200D7197-5970-4169-A4F3-F345CC8452FB} => pcalua.exe -a C:\Users\NewDesktop_3_2010\Desktop\install_easyshare.exe -d C:\Users\NewDesktop_3_2010\Desktop Task: {391DE88E-ABED-44FB-806C-9857EBBD2043} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation) Task: {3E0EE7E3-7FD4-43C0-8BA1-8822E3EB9C17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4032A799-6ED8-42CA-B6A6-BFD792409F4E} - System32\Tasks\{052C4A68-22BF-4B73-9BC4-5F9A88CB2208} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3JPRFZF\20110310-003-i32[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {44E9F06F-CE1F-4A35-8FF9-CE17EE1DFCE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {4A233A4F-69AE-4A9F-A514-5CA9499A8192} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-03-17] (Symantec) Task: {59939E4C-4ED7-4842-9E97-7C96A4F9A7FF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5D5D921F-7BC2-4D8F-B928-428075DBCB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {641448D5-EF99-40C2-B28C-9616FA865363} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {6C7383E0-3D86-44DE-9701-5577A37E15B5} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-03-17] (Symantec) Task: {77C9B7B4-7E6C-4378-9FBB-818D7293373B} - System32\Tasks\Google Updater and Installer => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {7BE14C5D-CBAE-4BFF-B406-31E9D1D134F1} - System32\Tasks\{E96EC095-071A-4865-8584-154D5CA9663C} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZEBFJTN\PDFConverterSetup[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {811A7948-DF59-423C-A413-7597730A68BF} - System32\Tasks\{5B812AEE-82E3-44F3-B113-A31078F9ADF7} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ95BZHL\etradePro[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {867962EE-E055-4A07-92D4-289291D69FED} - System32\Tasks\{3EE07BC5-6785-43D6-8C29-988C7713618C} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2015-10-04] (OldTimer Tools) Task: {8D39C46A-0D4E-4FC3-BCFE-FFC04B4DB97F} - System32\Tasks\{4870BE4F-5098-405E-A2E6-4BA94B64623B} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.) Task: {934BDF26-6E27-4BD1-A08A-A17C8CB186A1} - System32\Tasks\{5471A40F-6C3A-4C60-9647-D2C6AF8F6D62} => pcalua.exe -a C:\Users\NEWDES~1\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 Task: {96A0F7C6-E7D4-4FBA-9E6A-DD565F1F112C} - System32\Tasks\{9C7F4169-49BC-4208-AC96-59EA3C25081F} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_1f8b2f\Setup.exe -c /APR-REMOVE Task: {9D0456E8-8F92-44EF-BE22-0C09B05C982B} - System32\Tasks\{8096403C-ECD0-4C43-9BB6-44373E694CAE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {AAE95569-8449-4921-B7F1-B6765939C851} - System32\Tasks\CHECK DISK => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation) Task: {ACF7FB82-2298-4377-AF18-AC3DEEA4002F} - System32\Tasks\{0F75C653-2955-4F67-9A71-54A93DE4AFD0} => pcalua.exe -a C:\lexmark\drivers\3400\Setup.exe -d C:\lexmark\drivers\3400 Task: {AF7EF77C-3273-4B57-9637-ED0C047F58E4} - System32\Tasks\{A3285852-6708-457A-8B6F-8ABF8468183D} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2015-10-04] (OldTimer Tools) Task: {B484C23B-0289-480A-9B06-EC31C82B050B} - System32\Tasks\{E8619932-F191-4511-8042-210B0625E57B} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {B985710A-B0D4-4664-97B0-E916BD97E214} - System32\Tasks\{12A10945-3A63-456C-95FC-D7B2779E39B2} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R220849.zip\Setup.exe Task: {B9E16D06-6528-4388-A08E-C5FDFC6061DC} - System32\Tasks\{86CE0476-35FA-4F34-8AEC-DF3B82128371} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2015-10-04] (OldTimer Tools) Task: {BA1FF7D9-A329-4098-B80C-F1B9A286BEBE} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.) Task: {C34208E0-C980-43E1-9798-53FC08DC4EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {CA810F46-882E-43B4-8862-68C81B5BF193} - System32\Tasks\{D5A3ED5D-AA7F-4185-A839-051111E9D5E9} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALLYR477\epson12958[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {CBEB0860-B42A-487F-A00B-63B204D3DA32} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-05-07] () Task: {D8C739D3-6AC8-4D2D-912B-A2D53425EB69} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {ED1D1345-C86C-45ED-A0E5-284C05FF6FDC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {EF4862E3-615E-48EE-B09C-C8B3650C2076} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-24] (Adobe Systems Incorporated) Task: {F241DEB8-B334-4BF9-9F77-1ED6C6EEE8ED} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {F3BE70BA-488A-4ECA-924D-3375E9705395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe Task: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2014-01-22 16:44 - 2006-11-27 03:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_39df8169-d4f3-4316-951e-4ae7bd26286d => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\intuit.com -> hxxps://ttlc.intuit.com IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\turbotax.com -> hxxps://turbotax.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2015-12-08 16:04 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ACDaemon => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: CouponPrinterService => 2 MSCONFIG\Services: Garmin Device Interaction Service => 2 MSCONFIG\Services: GoToAssist => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: IntuitUpdateService => 2 MSCONFIG\Services: IntuitUpdateServiceV4 => 2 MSCONFIG\Services: LMIRescue_39df8169-d4f3-4316-951e-4ae7bd26286d => 2 MSCONFIG\Services: lxcy_device => 2 MSCONFIG\Services: MemeoBackgroundService => 2 MSCONFIG\Services: NIS => 2 MSCONFIG\Services: SeagateDashboardService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SpeedDiskService => 3 MSCONFIG\Services: sprtsvc_DellSupportCenter => 2 MSCONFIG\Services: UMVPFSrv => 2 MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup MSCONFIG\startupreg: AirDroid 3 => MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" MSCONFIG\startupreg: ANIWZCS2Service => MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: Google Update => "C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: lxcymon.exe => MSCONFIG\startupreg: Memeo AutoSync => MSCONFIG\startupreg: Memeo Instant Backup => MSCONFIG\startupreg: Memeo Send => MSCONFIG\startupreg: NortonUtilities => C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /S MSCONFIG\startupreg: Seagate Dashboard => MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{39BD6CA7-9CD1-48C1-95C2-10444ED618BF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{3FB76DFF-EBB9-4BA5-88CA-A6199C0C675F}] => (Allow) svchost.exe FirewallRules: [{B522A32F-6301-45BF-8FBC-5461BC08CB91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe FirewallRules: [{CAC72440-BBB5-4475-A247-770AC3632843}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe FirewallRules: [{42231713-5B92-49DB-902F-6DA081B9B605}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exe FirewallRules: [{534517E8-E27B-4FC1-9500-18B94636FDD5}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exe FirewallRules: [{ECBB1604-6636-4DF5-A822-A029228C9AC0}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exe FirewallRules: [{E255D111-1439-4DD2-8FE0-57BCA86A2A08}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exe FirewallRules: [{64BCD54E-B280-4429-8909-F2555F1B0AA9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D9955E32-6C92-4D70-8CC6-C5C7278EF345}] => (Allow) LPort=2869 FirewallRules: [{2EC73EB3-D831-48E1-A91E-D84C9D2FA9D7}] => (Allow) LPort=1900 FirewallRules: [{99F55E0D-3635-4542-889F-6F6A4F8F3047}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe FirewallRules: [{DF71FD38-ACC0-4DF7-8ACF-A56D52B79DDA}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe FirewallRules: [{716F09CC-AB70-4AB4-8FE9-CD2F295A6954}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe FirewallRules: [{5CF9E526-F3BA-4A62-A694-E530BE1E4812}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe FirewallRules: [{14F8EC0D-4110-4AEB-BF0C-A5C8000291DB}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exe FirewallRules: [{F703DADD-5004-4900-8C15-6FFEED46FB95}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exe FirewallRules: [{B3B99210-BCB7-4332-B3F2-668AFDCDF8F5}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{91813F2D-474C-49BF-BCD6-3266F1EAD0D0}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{C05BD69A-007C-4ECF-91FC-BB487BF68A2C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{1A9763F0-098A-48FE-A8CF-0C0C53D82ADC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{51189F90-43B2-4450-A804-9A6A04EE68FC}] => (Allow) LPort=135 FirewallRules: [{7F1D20C8-5F66-4EE0-8C92-16C981E1B69D}] => (Allow) LPort=5000 FirewallRules: [{ACA4F026-A28D-44CC-8DF4-FF0111238313}] => (Allow) LPort=5001 FirewallRules: [{5C94E9D1-9323-40C5-BFDB-135626390B9B}] => (Allow) LPort=5002 FirewallRules: [{B20C4E3A-DB0E-46AC-B1FE-E67B391B6000}] => (Allow) LPort=5003 FirewallRules: [{99D24B1D-1646-4C47-BB3D-0D60E7C8F5E4}] => (Allow) LPort=5004 FirewallRules: [{6E6A81C8-D294-4E5D-B64E-DC1879FF9393}] => (Allow) LPort=5005 FirewallRules: [{2F9F6FFF-333C-4C32-A9B2-339CC3603096}] => (Allow) LPort=5006 FirewallRules: [{AA724DE6-A804-4BE0-A2B3-574289B0C1A6}] => (Allow) LPort=5007 FirewallRules: [{EE3A7638-F2A4-4C6E-8799-81A3C4861571}] => (Allow) LPort=5008 FirewallRules: [{8DE1D6F9-8A84-4450-BB41-0BF07F5D6EF6}] => (Allow) LPort=5009 FirewallRules: [{33582DBA-10D9-4CAE-92B6-F109E39D9C3A}] => (Allow) LPort=5010 FirewallRules: [{25B8D8B0-7BA9-4DDF-8CE4-F0462DBB3695}] => (Allow) LPort=5011 FirewallRules: [{B034B884-53FE-4DFD-B658-BA1235362057}] => (Allow) LPort=5012 FirewallRules: [{D7B9B4D3-B6CC-4CB1-9265-D229D2907568}] => (Allow) LPort=5013 FirewallRules: [{A331D8FF-50F0-431A-823F-C757CB17BE88}] => (Allow) LPort=5014 FirewallRules: [{D630A0ED-AD2D-47B4-8352-358EFAA7031D}] => (Allow) LPort=5015 FirewallRules: [{61D8C58E-7372-4765-87FA-51DC63673637}] => (Allow) LPort=5016 FirewallRules: [{BDC1EE0B-115A-4695-959A-206BD35362F3}] => (Allow) LPort=5017 FirewallRules: [{31248A67-D96A-48F3-851E-B3DBABB5AAF9}] => (Allow) LPort=5018 FirewallRules: [{1F9EF8BF-FC9E-4139-94DA-1384E0B5A674}] => (Allow) LPort=5019 FirewallRules: [{EA8CD93D-07D7-441F-B0A2-C5F266FD51FC}] => (Allow) LPort=5020 FirewallRules: [{9F7B2D21-2AF5-4BEF-B954-EDE1C4960B44}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{C96262D6-1A02-4018-8EB6-1CA98B1A0983}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{E851DAD5-2E32-43A8-A79C-B3578489CCAF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{C98C6601-AD51-4B46-9E99-D19C8ABE9DE9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{8B0B5B9A-E3EC-4C80-9F58-377E1246D7C0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{32B68B37-E182-47A6-8A15-18C6DC75F9FD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{E5298305-3B14-4CD4-AD7E-0A93C06536C6}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{FD500E61-5AC5-4240-ADD7-444567DE867F}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{BF9BC9F7-B931-4C6E-8CB1-1BB831FD361F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{68A859B5-F375-4784-9B3A-41790D57C331}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{1415A36C-C099-4AD0-B573-FA2A85DC5F56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{6081BD0C-563F-407A-8A36-11FBE741F4B5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{63AF996B-8FFB-4A55-A79D-F7F7C92F565C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{33D46599-2F64-4615-8BA3-5A17DB0526EA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{B3093C7B-BBF8-4095-9DBC-693FF75DF6F5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{8E91EF87-2154-4164-B78C-935AE53EF8A9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{3A1D3E53-EBD2-4DA5-8636-59929CE8EF1C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{F6FBB5E3-5964-4F17-9DFB-EF36262A508A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{3D1A1F23-6558-47EA-9600-A0C665B03AAA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{334FD2A7-3449-40C3-9B5B-8E6D5F7E34A8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{5F794FAD-852C-4C96-BE66-6B812903A2D3}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{86BC4F57-51F5-42D4-8186-7ADEED89A29E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{CC918DB6-4B31-479F-9A8A-484243AA0EBB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{D41DD74D-A95C-4152-9A80-ECCC1CA60280}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{3A1A02A4-DF4F-4C48-BAA5-91E0B966BF19}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{92B82EB1-F80F-4FF2-BD72-EE4780C3D972}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{66197A5B-E56D-44D3-AFFE-A5927A3865D8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{60963516-DBB9-4EAD-83D4-ECD496EFEA43}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{9AFAA52C-DE23-4AA2-9B94-4E671668D6B0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{B42C4B44-87D3-4F1D-9FBA-CB08800623C9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{412186F6-5C17-4038-8D63-8AF4C3FCDA02}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{1E734410-1944-4391-AAF0-253CC9D75951}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{247CEFCA-B17B-442E-928C-763B6F93D6D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{9DC6AC26-C054-4BE4-9E75-AB85F83FFA62}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{33311D49-141F-4EB6-87AE-BB3DAA3D02D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{6231E27D-A48F-4D56-A254-2B59816D04CD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{7B7F60D8-C9FE-4155-8E41-CCDF6BA92521}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{A835ECE9-7656-4A8C-A4DF-2C89E0D99F2C}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{5E69FBB8-97EA-481B-A3EA-0C336F815B2D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe FirewallRules: [{248FD0B7-5628-4952-A9D6-F089EB986C9E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{A148050A-81FC-44FD-A370-93D09F22D1C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{4B6176DC-A4DF-4248-BD04-B53A3C8AD7E9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{A463BD77-CBE2-4E8E-BE61-BF409D520279}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{AF254E55-4E20-4672-B524-58C1806E1D75}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{06FEF072-C562-4D48-A5DF-8463FBFD65AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{8C7BA47C-8A1C-4459-96F6-8313680385AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{0C8A477A-2BF8-40AB-89AF-65717192011D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{CFB5F850-469D-4A6C-9A7D-F972E98030E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{F9AB3CEE-B7C5-4AFB-8327-33D93793268E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{2AD7E69E-0BDA-4EDA-8415-5DF074B586E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{A3E374B0-A406-4F10-8F64-10B342746169}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E11B7611-15AD-4676-B54C-64000DBFDA1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{196279D7-E7B4-490F-8112-00FF7DCE39F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A71886A4-D743-4A8C-AC7C-0FC5852C278B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{6303DB55-C946-4BAF-824D-08D3F97B0219}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B3F41ED7-9304-42AA-89CF-E76CF303C4FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D06F4855-81A4-4058-8ECD-B880A83FB6CD}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe ==================== Restore Points ========================= 20-12-2015 15:56:10 Scheduled Checkpoint 26-12-2015 00:00:35 Windows Backup 26-12-2015 10:42:38 Windows Backup 26-12-2015 11:28:39 Windows Backup 26-12-2015 12:59:18 Windows Backup ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/31/2015 07:02:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13 Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a Exception code: 0x80000003 Fault offset: 0x0000ed56 Faulting process id: 0x394 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (12/30/2015 07:02:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13 Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a Exception code: 0x80000003 Fault offset: 0x0000ed56 Faulting process id: 0x1258 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (12/30/2015 09:15:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295 Exception code: 0xc0000005 Fault offset: 0x00000000000200ea Faulting process id: 0x24c Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (12/30/2015 09:14:58 AM) (Source: Wininit) (EventID: 1015) (User: ) Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted. Error: (12/30/2015 09:14:56 AM) (Source: Wininit) (EventID: 1015) (User: ) Description: A critical system process, C:\Windows\system32\lsm.exe, failed with status code 255. The machine must now be restarted. Error: (12/30/2015 09:14:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: lsass.exe, version: 6.1.7601.19045, time stamp: 0x56257f12 Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295 Exception code: 0xc0000005 Fault offset: 0x00000000000200ea Faulting process id: 0x248 Faulting application start time: 0xlsass.exe0 Faulting application path: lsass.exe1 Faulting module path: lsass.exe2 Report Id: lsass.exe3 Error: (12/30/2015 09:14:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: lsm.exe, version: 6.1.7601.17514, time stamp: 0x4ce7abf0 Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295 Exception code: 0xc0000005 Fault offset: 0x00000000000200ea Faulting process id: 0x250 Faulting application start time: 0xlsm.exe0 Faulting application path: lsm.exe1 Faulting module path: lsm.exe2 Report Id: lsm.exe3 Error: (12/29/2015 07:02:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13 Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a Exception code: 0x80000003 Fault offset: 0x0000ed56 Faulting process id: 0xffc Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (12/29/2015 08:34:14 AM) (Source: Wininit) (EventID: 1015) (User: ) Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 00000000. The machine must now be restarted. Error: (12/28/2015 07:04:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1 Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6 Exception code: 0x80000003 Fault offset: 0x0000ed36 Faulting process id: 0xfec Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 System errors: ============= Error: (12/31/2015 07:26:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/31/2015 07:19:36 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2BA5A92D-4DA7-43E0-AB6E-589E2E00600E}. The backup browser is stopping. Error: (12/31/2015 07:00:52 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2BA5A92D-4DA7-43E0-AB6E-589E2E00600E}. The master browser is stopping or an election is being forced. Error: (12/30/2015 09:16:52 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:15:40 AM on ‎12/‎30/‎2015 was unexpected. Error: (12/30/2015 09:15:14 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%1722 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/30/2015 09:15:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (12/30/2015 09:14:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%1722 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/30/2015 09:14:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%1722 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/30/2015 09:14:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%1722 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/30/2015 09:14:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%1722 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). CodeIntegrity: =================================== Date: 2015-01-09 16:27:39.328 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-09 16:27:39.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.370 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.198 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:11.185 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:10.967 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU 450 @ 2.20GHz Percentage of memory in use: 51% Total physical RAM: 4061.05 MB Available physical RAM: 1962.95 MB Total Virtual: 8120.32 MB Available Virtual: 6020.32 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:587.51 GB) (Free:501.86 GB) NTFS Drive e: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:7.01 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 58000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=587.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: E3FD5F1D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 7.2 GB) (Disk ID: 41AA157C) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ==================== End of Addition.txt ============================
  20. Hi...my PC started running very slow and I was getting strange pop ups telling me to UPDATE my Firefox browser. I followed the prompts and supposedly updated my browser. With continual slowness, I ran Malwarebytes and found that my PC was infected with maleware Trojan.Injector.VB and reading about it on a google search, I found that it could have been a FAKE firefox update that caused it. Can you help me to get rid of it on my pc ? Attached is a copy of the logs that were created after I ran malewarebytes two times. I also ran the Fabar Scan and the two logs that were generated, FRST.txt and Addition.txt are shown below, ONE AT A TIME AS THEY WERE TOO LONG, SO THE ADDITION.TXT log will be on a separate post. Please let me know what I need to do nex. thanks. Sue FRIDAY January 1, 2016 2:04 PM est Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015 Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 (01-01-2016 13:52:43) Running from C:\Users\NewDesktop_3_2010\Downloads Loaded Profiles: NewDesktop_3_2010 (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\conathst.exe (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [139264 2013-07-11] (Memeo Inc.) HKLM-x32\...\Run: [Memeo Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-28] (Memeo Inc.) HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] () Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1 ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{2BA5A92D-4DA7-43E0-AB6E-589E2E00600E}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/ SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} hxxps://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} hxxp://www.psapoll.com/CopyGuardIE.cab DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab FireFox: ======== FF ProfilePath: C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\Firefox\Profiles\wwna455c.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-24] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-24] () FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF SearchPlugin: C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\Firefox\Profiles\wwna455c.default\searchplugins\norton-safe-search.xml [2015-11-21] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2015-12-18] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html" CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Ebates Cash Back) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-11-18] CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-10] CHR Extension: (Norton Home Page for Chrome) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-10-06] CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-31] CHR Extension: (MyPoints Score) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2015-11-14] CHR Extension: (Google Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-23] CHR Extension: (Norton Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-06-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25] CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found> CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150552 2015-03-17] (Symantec Corporation) S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries) S4 LMIRescue_39df8169-d4f3-4316-951e-4ae7bd26286d; C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp\LMI_Rescue_srv.exe [3088688 2015-06-14] (LogMeIn, Inc.) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation) S4 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( ) S4 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( ) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation) R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795736 2015-03-17] (PC Tools) S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163864 2015-03-17] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151231.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151231.038\ENG64.SYS [138488 2015-10-26] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151231.038\EX64.SYS [2148080 2015-10-26] (Symantec Corporation) S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.) R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed] R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-01 13:51 - 2016-01-01 13:51 - 02370560 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64(1).exe 2016-01-01 11:41 - 2016-01-01 11:41 - 00001124 _____ C:\Users\NewDesktop_3_2010\Documents\info on trojan.injector.vb maleware 2nd run detected 12 31 2015.txt 2016-01-01 09:59 - 2016-01-01 09:59 - 00001200 _____ C:\Users\NewDesktop_3_2010\Documents\info on trojan.injector.vb maleware detected 12 31 2015.txt 2015-12-29 18:27 - 2015-12-29 18:27 - 00004147 _____ C:\Users\NewDesktop_3_2010\Documents\IHG ACCELERATE PROGRAM COMPLETION PHONE CALL 12 29 2015.txt 2015-12-29 12:22 - 2015-12-29 12:22 - 00107286 _____ C:\Users\NewDesktop_3_2010\Documents\RRS notification regarding the Laundry cards 12-28-15-1.pdf 2015-12-29 08:33 - 2015-12-29 08:33 - 00001894 _____ C:\Windows\system32\cc_20151229_083308.reg 2015-12-28 14:12 - 2015-12-30 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-26 13:44 - 2015-12-26 13:44 - 00001299 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk 2015-12-26 13:44 - 2015-12-26 13:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Seagate 2015-12-26 13:44 - 2015-12-26 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard 2015-12-26 13:43 - 2015-12-26 13:43 - 00000000 ____D C:\Program Files (x86)\Seagate 2015-12-26 12:37 - 2015-12-26 12:37 - 12563452 _____ C:\Users\NewDesktop_3_2010\Downloads\lifeagent.dmg 2015-12-26 12:36 - 2015-12-26 12:36 - 00001175 _____ C:\Users\Public\Desktop\Memeo Backup.lnk 2015-12-26 12:33 - 2015-12-26 12:37 - 11689416 _____ (Memeo) C:\Users\NewDesktop_3_2010\Downloads\autobackup(1).exe 2015-12-26 12:33 - 2015-12-26 12:34 - 11689416 _____ (Memeo) C:\Users\NewDesktop_3_2010\Downloads\autobackup.exe 2015-12-26 12:24 - 2015-12-26 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo 2015-12-26 12:24 - 2015-12-26 12:36 - 00000000 ____D C:\Program Files (x86)\Memeo 2015-12-26 12:22 - 2015-12-26 12:23 - 14272712 _____ C:\Users\NewDesktop_3_2010\Downloads\7977_me_as_ALL_IN_ONE_setup.exe 2015-12-26 12:02 - 2015-12-26 12:02 - 00004488 _____ C:\Windows\system32\cc_20151226_120200.reg 2015-12-23 17:09 - 2015-12-23 17:09 - 00018097 _____ C:\Users\NewDesktop_3_2010\Downloads\Ondek - Duplicate bill.zip 2015-12-22 13:27 - 2015-12-22 13:27 - 00000580 _____ C:\Users\NewDesktop_3_2010\Documents\usps mail stop 12 23 15 to 12 29 15 for trip to INDY.txt 2015-12-21 12:59 - 2015-12-21 12:59 - 00077495 _____ C:\Users\NewDesktop_3_2010\Documents\SCALZO ESQ 12 21 2015 ESTATE PLANNING CHECKLIST FORM.pdf 2015-12-21 11:55 - 2015-12-21 11:55 - 00184555 _____ C:\Users\NewDesktop_3_2010\Documents\SCALZO ESQ 12 21 2015 ESTATE PLANNING ENGAGEMENT LETTER.pdf 2015-12-21 11:17 - 2015-12-21 11:17 - 06805328 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup513.exe 2015-12-20 11:15 - 2015-12-20 11:15 - 00002064 _____ C:\Windows\system32\cc_20151220_111458.reg 2015-12-10 04:09 - 2015-12-10 04:09 - 00070664 _____ C:\Users\NewDesktop_3_2010\Downloads\ondek (3).pdf 2015-12-10 04:09 - 2015-12-10 04:09 - 00070664 _____ C:\Users\NewDesktop_3_2010\Downloads\ondek (2).pdf 2015-12-10 04:09 - 2015-12-10 04:09 - 00070664 _____ C:\Users\NewDesktop_3_2010\Downloads\ondek (1).pdf 2015-12-10 04:06 - 2015-12-10 04:06 - 00070664 _____ C:\Users\NewDesktop_3_2010\Downloads\ondek.pdf 2015-12-10 04:05 - 2015-12-10 04:05 - 00000853 _____ C:\Users\NewDesktop_3_2010\Documents\scalzo trust lawyer 12 10 2015.txt 2015-12-10 00:23 - 2015-12-10 00:23 - 00033480 _____ C:\Users\NewDesktop_3_2010\Downloads\DGIITT_NO_0000000212277.pdf 2015-12-09 11:14 - 2015-12-09 11:14 - 00370436 _____ C:\Users\NewDesktop_3_2010\Documents\CT DEPT OF CONSUMER PROTECTION complaint_statement_real_estate_DECEMBER_9_2015.pdf 2015-12-09 08:30 - 2015-12-31 10:35 - 00030980 _____ C:\Users\NewDesktop_3_2010\Documents\SEO FIDELITY BROKERAGELINK BALANCES 2015_AS OF TUESDAY 12 8 2015.123 2015-12-09 08:18 - 2015-12-09 08:18 - 00000640 _____ C:\Users\NewDesktop_3_2010\Documents\AMERICAN SPD INFO 12 9 2015 FROM PATRICK HANCOCK - APFA RETIREMENT SPECIALIST.txt 2015-12-09 08:02 - 2015-12-09 08:02 - 01063202 _____ C:\Users\NewDesktop_3_2010\Documents\seo citi aadvantage 12 9 2015 Certificate.pdf 2015-12-09 03:33 - 2015-11-12 16:16 - 17892864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 03:33 - 2015-11-12 16:13 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 03:33 - 2015-11-12 16:09 - 10937856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 03:33 - 2015-11-12 16:08 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 03:33 - 2015-11-12 16:08 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 03:33 - 2015-11-12 16:07 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 03:33 - 2015-11-12 16:07 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 03:33 - 2015-11-12 16:06 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 03:33 - 2015-11-12 16:06 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 03:33 - 2015-11-12 16:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-12-09 03:33 - 2015-11-12 16:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-12-09 03:33 - 2015-11-12 16:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-12-09 03:33 - 2015-11-12 15:39 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 03:33 - 2015-11-12 15:37 - 12389376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 03:33 - 2015-11-12 15:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 03:33 - 2015-11-12 15:34 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 03:33 - 2015-11-12 15:34 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 03:33 - 2015-11-12 15:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 03:33 - 2015-11-12 15:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 03:33 - 2015-11-12 15:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-12-09 03:33 - 2015-11-12 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-12-09 03:33 - 2015-11-12 15:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 03:33 - 2015-11-12 15:31 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 03:33 - 2015-11-12 15:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 03:33 - 2015-11-12 15:31 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 03:33 - 2015-11-12 15:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 03:33 - 2015-11-12 15:31 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-12-09 03:33 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 03:33 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 03:33 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 03:33 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 03:33 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 03:33 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 03:33 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 03:33 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 03:33 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 03:33 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 03:33 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 03:33 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 03:33 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 03:33 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-09 03:33 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 03:33 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 03:33 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 03:32 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 03:32 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-08 16:54 - 2015-12-08 16:54 - 00000453 _____ C:\Users\NewDesktop_3_2010\Documents\RICHARD R STOEPPLE RRS MANAGEMENT LLC INFORMATION 12 8 2015.txt 2015-12-08 16:52 - 2015-12-08 16:52 - 00020010 _____ C:\Users\NewDesktop_3_2010\Documents\blue window pop up 12 8 2015 appearing as a windows defender ERROR.txt 2015-12-08 16:04 - 2015-12-05 17:43 - 00000030 _____ C:\AVScanner.ini 2015-12-08 11:53 - 2015-12-08 11:53 - 00002585 _____ C:\Users\NewDesktop_3_2010\Documents\HP 6000 PRO SERIES PC - INFORMATION -NEW PURCHASED 12 8 2015 ON EBAY.txt 2015-12-07 08:05 - 2015-12-07 08:07 - 01190616 _____ (Adobe Systems Incorporated) C:\Users\NewDesktop_3_2010\Downloads\flashplayer19_a_install.exe 2015-12-07 08:04 - 2015-12-07 08:04 - 02144500 _____ C:\Users\NewDesktop_3_2010\Documents\HP 6000 PRO SERIES PC - INFORMATION 12 7 2015c04123261.pdf 2015-12-06 20:45 - 2015-12-21 01:17 - 04079616 _____ C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr 2015-12-05 17:49 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-05 17:49 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-05 17:49 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-05 17:49 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-05 17:49 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-05 17:49 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-05 17:49 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-05 17:49 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-05 17:49 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-05 17:49 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-12-05 17:49 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-05 17:49 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-05 17:49 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-05 17:49 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-05 17:49 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-05 17:49 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-05 17:49 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-12-05 17:49 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-12-05 17:49 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-12-05 10:47 - 2015-12-05 10:48 - 06801752 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup512.exe 2015-12-02 19:14 - 2016-01-01 13:50 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2015-12-02 19:14 - 2015-12-02 19:14 - 00000000 ____D C:\Program Files\Common Files\AV ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-01 13:52 - 2015-11-15 15:25 - 00021231 _____ C:\Users\NewDesktop_3_2010\Downloads\FRST.txt 2016-01-01 13:52 - 2015-11-15 15:25 - 00000000 ____D C:\FRST 2016-01-01 13:49 - 2014-10-12 10:57 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job 2016-01-01 13:48 - 2013-05-02 13:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-01 13:16 - 2011-02-21 10:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-01 13:00 - 2015-10-16 11:51 - 00000354 _____ C:\Windows\Tasks\SpeedDiskSchedule.job 2016-01-01 10:46 - 2015-11-14 17:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-01 10:45 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-01 10:45 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-01 10:40 - 2015-10-16 11:20 - 00000312 _____ C:\Windows\Tasks\NUAutoUpdate.job 2016-01-01 10:40 - 2011-02-21 10:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-01 10:40 - 2010-03-15 21:23 - 00000000 ____D C:\ProgramData\TEMP 2016-01-01 10:39 - 2013-10-28 08:48 - 00000095 _____ C:\Users\NewDesktop_3_2010\.accessibility.properties 2016-01-01 10:39 - 2010-03-16 20:13 - 00000000 ____D C:\Users\NewDesktop_3_2010 2016-01-01 10:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-01 07:49 - 2014-10-12 10:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job 2015-12-31 19:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows 2015-12-31 19:25 - 2011-04-06 16:31 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\CrashDumps 2015-12-31 19:24 - 2015-10-16 11:20 - 00000304 _____ C:\Windows\Tasks\NUSchedule.job 2015-12-31 19:24 - 2015-01-25 17:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 16 2015-12-30 09:16 - 2015-11-21 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-27 16:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2015-12-26 12:24 - 2015-10-14 10:01 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Memeo 2015-12-24 09:02 - 2014-07-11 15:26 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\Adobe 2015-12-24 09:02 - 2013-05-02 13:52 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-24 09:02 - 2013-05-02 13:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-24 09:02 - 2013-05-02 13:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-24 08:53 - 2010-04-13 15:38 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\ElevatedDiagnostics 2015-12-21 17:04 - 2010-04-24 08:40 - 00000424 _____ C:\Windows\Tasks\EasyShare Registration Task.job 2015-12-21 14:16 - 2009-07-13 21:34 - 94633984 _____ C:\Windows\system32\config\software.rmbak 2015-12-21 14:16 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.rmbak 2015-12-21 13:58 - 2014-08-12 10:57 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-12-21 08:33 - 2014-01-22 16:11 - 00000000 ____D C:\Users\Administrator 2015-12-18 19:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2015-12-18 03:14 - 2013-08-08 11:56 - 00000000 ____D C:\Windows\system32\MRT 2015-12-18 03:02 - 2010-04-15 06:11 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-18 03:01 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-12-18 03:01 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-18 01:19 - 2012-11-05 10:18 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla 2015-12-18 00:27 - 2009-07-13 23:45 - 00340480 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-18 00:26 - 2015-06-17 22:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-18 00:26 - 2015-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-10 04:01 - 2015-06-17 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-05 18:14 - 2010-03-10 05:11 - 00000000 ____D C:\Program Files (x86)\Java 2015-12-05 18:11 - 2015-01-07 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-05 18:08 - 2015-09-03 16:28 - 00000000 ____D C:\Users\NewDesktop_3_2010\.oracle_jre_usage 2015-12-05 18:07 - 2015-06-18 14:20 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-12-05 18:07 - 2014-08-25 11:24 - 00000000 ____D C:\Program Files\Java 2015-12-04 07:44 - 2014-10-12 10:57 - 00003950 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA 2015-12-04 07:44 - 2014-10-12 10:57 - 00003554 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core 2015-12-03 22:11 - 2011-02-21 10:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-03 22:11 - 2011-02-21 10:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2010-03-17 17:43 - 2015-04-14 19:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat 2013-12-13 07:35 - 2015-07-13 21:53 - 0007607 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg 2011-10-16 13:03 - 2011-10-16 13:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F} 2011-08-10 21:57 - 2011-08-10 21:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD} 2012-04-11 17:44 - 2012-04-13 08:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-30 20:19 ==================== End of FRST.txt ============================ info on trojan.injector.vb maleware detected 12 31 2015.txt info on trojan.injector.vb maleware 2nd run detected 12 31 2015.txt
  21. Hi...my PC started running very slow and I was getting strange pop ups telling me to UPDATE my Firefox browser. I followed the prompts and supposedly updated my browser. With continual slowness, I ran Malwarebytes and found that my PC was infected with maleware Trojan.Injector.VB and reading about it on a google search, I found that it could have been a FAKE firefox update that caused it. Can you help me to get rid of it on my pc ? Attached is a copy of the logs that were created after I ran malewarebytes two times. Let me know what I need to do nex. thanks. Sue Saturday January 1, 2016 11:57 am est info on trojan.injector.vb maleware detected 12 31 2015.txt info on trojan.injector.vb maleware 2nd run detected 12 31 2015.txt
  22. Kevin..here is the ADDITION.TXT that you also requested...thanks, Sue Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015Ran by NewDesktop_3_2010 (2015-11-21 10:20:41)Running from C:\Users\NewDesktop_3_2010\DownloadsWindows 7 Home Premium Service Pack 1 (X64) (2010-03-17 02:05:21)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\AdministratorGuest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled)NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) HiddenArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) HiddenCCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenCompatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)Dell System Detect (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)Dell System Detect (HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)Dell System Detect (HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)Elevated Installer (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) HiddenEPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) HiddenESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) HiddenESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) HiddenESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) HiddenESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hiddenessvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) HiddenGarmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries)Garmin Express (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) HiddenGarmin Express Tray (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) HiddenGarmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenGoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.)Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET)IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - )IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - )IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - )Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit)Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenKeyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - )Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony)Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.)Memeo Send (HKLM-x32\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version: 2.0.0.3178 - Memeo Inc.)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) HiddenNorton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.14 - Symantec Corporation)Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland)OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hiddenoneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - )ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.)PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - )PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) HiddenSHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hiddenskin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenSKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenSkype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenTurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)TurboTax Deluxe 2004 (HKLM-x32\...\TurboTax Deluxe 2004) (Version: - )TurboTax Deluxe 2005 (HKLM-x32\...\TurboTax Deluxe 2005) (Version: - )TurboTax Deluxe 2007 (HKLM-x32\...\TurboTax Deluxe 2007) (Version: - )TurboTax Deluxe Deduction Maximizer 2006 (HKLM-x32\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - )TurboTax ItsDeductible 2006 (HKLM-x32\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)Twacker 64 (HKLM\...\{1220ED8B-4383-4AD8-8C8D-B39801DF58D3}) (Version: 2.0.1 - TWAIN Working Group)VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenWaterfox 40.1.0 (x64 en-US) (HKLM\...\Waterfox 40.1.0 (x64 en-US)) (Version: 40.1.0 - Mozilla)Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) HiddenYahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) ==================== Restore Points ========================= ATTENTION: System Restore is disabled21-11-2015 00:00:43 Windows Backup ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2015-11-16 18:08 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00145480-82F8-41DE-9C77-54306EE61ABE} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2015-03-17] ()Task: {0AD636A0-9C90-4384-906A-349CE863D196} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16Task: {0F49EE9C-82AC-4750-8A30-A5FAB7442C04} - System32\Tasks\{2FFC9F47-8A84-47C8-946F-AD71D943D5EC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)Task: {1DC2812C-13DF-43D6-B9A7-773FB601E505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {21B4C4CF-7E9A-4918-9478-9B06D65E9A64} - System32\Tasks\{2F2DD988-9046-4D6D-A6AF-367DB9F1B4B6} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.)Task: {287EEC02-1DED-4B6B-BA15-DBFF56C8E754} - System32\Tasks\{39CE76CA-A8D9-4BC9-8BBC-6BD235E4B3EF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)Task: {2EA72069-9960-49C4-8E8A-0F7E8947ABA6} - System32\Tasks\{72CA87D4-B7D0-4568-8D70-4FB453AA42BA} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exeTask: {2F11347E-CDFD-4967-AB94-9CC7456ED365} - System32\Tasks\{0F1B7710-8B1D-4956-8B60-1FF64002665F} => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-03-17] (Symantec)Task: {2F6F4E97-72DC-4266-8006-19A1D865457C} - System32\Tasks\DISK CLEANUP => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)Task: {32AE6E00-7117-499B-9DDA-DAF3A82050EE} - System32\Tasks\{E44CB91F-1D82-4E8F-85B1-E42E2C911234} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)Task: {34E8EF47-0965-4E7E-AC56-9493F796B981} - System32\Tasks\{E524A493-536C-4629-8323-9861D258CEFA} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}\setup.exe" -c -runfromtemp -l0x0409Task: {3806A751-7493-4193-A4B8-B05FFAF16BDF} - System32\Tasks\{200D7197-5970-4169-A4F3-F345CC8452FB} => pcalua.exe -a C:\Users\NewDesktop_3_2010\Desktop\install_easyshare.exe -d C:\Users\NewDesktop_3_2010\DesktopTask: {3E0EE7E3-7FD4-43C0-8BA1-8822E3EB9C17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {4032A799-6ED8-42CA-B6A6-BFD792409F4E} - System32\Tasks\{052C4A68-22BF-4B73-9BC4-5F9A88CB2208} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3JPRFZF\20110310-003-i32[1].exe" -d C:\Users\NewDesktop_3_2010\DesktopTask: {44E9F06F-CE1F-4A35-8FF9-CE17EE1DFCE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)Task: {4A233A4F-69AE-4A9F-A514-5CA9499A8192} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-03-17] (Symantec)Task: {51B5B1C7-30C2-4227-9593-DDCF0459B71D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\SymErr.exe [2015-11-05] (Symantec Corporation)Task: {59939E4C-4ED7-4842-9E97-7C96A4F9A7FF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)Task: {5D5D921F-7BC2-4D8F-B928-428075DBCB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {6C7383E0-3D86-44DE-9701-5577A37E15B5} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-03-17] (Symantec)Task: {720E5787-BE04-40FC-A233-FC9D39B853C3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\WSCStub.exe [2015-11-12] (Symantec Corporation)Task: {77C9B7B4-7E6C-4378-9FBB-818D7293373B} - System32\Tasks\Google Updater and Installer => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {784E77ED-4088-402B-BE12-45566A24F57D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\SymErr.exe [2015-11-05] (Symantec Corporation)Task: {7BE14C5D-CBAE-4BFF-B406-31E9D1D134F1} - System32\Tasks\{E96EC095-071A-4865-8584-154D5CA9663C} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZEBFJTN\PDFConverterSetup[1].exe" -d C:\Users\NewDesktop_3_2010\DesktopTask: {811A7948-DF59-423C-A413-7597730A68BF} - System32\Tasks\{5B812AEE-82E3-44F3-B113-A31078F9ADF7} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ95BZHL\etradePro[1].exe" -d C:\Users\NewDesktop_3_2010\DesktopTask: {867962EE-E055-4A07-92D4-289291D69FED} - System32\Tasks\{3EE07BC5-6785-43D6-8C29-988C7713618C} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2015-10-04] (OldTimer Tools)Task: {8D39C46A-0D4E-4FC3-BCFE-FFC04B4DB97F} - System32\Tasks\{4870BE4F-5098-405E-A2E6-4BA94B64623B} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.)Task: {934BDF26-6E27-4BD1-A08A-A17C8CB186A1} - System32\Tasks\{5471A40F-6C3A-4C60-9647-D2C6AF8F6D62} => pcalua.exe -a C:\Users\NEWDES~1\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1Task: {96A0F7C6-E7D4-4FBA-9E6A-DD565F1F112C} - System32\Tasks\{9C7F4169-49BC-4208-AC96-59EA3C25081F} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_1f8b2f\Setup.exe -c /APR-REMOVETask: {9D0456E8-8F92-44EF-BE22-0C09B05C982B} - System32\Tasks\{8096403C-ECD0-4C43-9BB6-44373E694CAE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)Task: {AAE95569-8449-4921-B7F1-B6765939C851} - System32\Tasks\CHECK DISK => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation)Task: {ACF7FB82-2298-4377-AF18-AC3DEEA4002F} - System32\Tasks\{0F75C653-2955-4F67-9A71-54A93DE4AFD0} => pcalua.exe -a C:\lexmark\drivers\3400\Setup.exe -d C:\lexmark\drivers\3400Task: {AF7EF77C-3273-4B57-9637-ED0C047F58E4} - System32\Tasks\{A3285852-6708-457A-8B6F-8ABF8468183D} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2015-10-04] (OldTimer Tools)Task: {B484C23B-0289-480A-9B06-EC31C82B050B} - System32\Tasks\{E8619932-F191-4511-8042-210B0625E57B} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)Task: {B985710A-B0D4-4664-97B0-E916BD97E214} - System32\Tasks\{12A10945-3A63-456C-95FC-D7B2779E39B2} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R220849.zip\Setup.exeTask: {B9E16D06-6528-4388-A08E-C5FDFC6061DC} - System32\Tasks\{86CE0476-35FA-4F34-8AEC-DF3B82128371} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2015-10-04] (OldTimer Tools)Task: {BA1FF7D9-A329-4098-B80C-F1B9A286BEBE} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)Task: {C34208E0-C980-43E1-9798-53FC08DC4EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)Task: {CA810F46-882E-43B4-8862-68C81B5BF193} - System32\Tasks\{D5A3ED5D-AA7F-4185-A839-051111E9D5E9} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALLYR477\epson12958[1].exe" -d C:\Users\NewDesktop_3_2010\DesktopTask: {CBEB0860-B42A-487F-A00B-63B204D3DA32} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-05-07] ()Task: {D8C739D3-6AC8-4D2D-912B-A2D53425EB69} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)Task: {EF4862E3-615E-48EE-B09C-C8B3650C2076} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22] (Adobe Systems Incorporated)Task: {F3BE70BA-488A-4ECA-924D-3375E9705395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxtTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exeTask: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exeTask: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe ==================== Loaded Modules (Whitelisted) ============== 2014-01-22 16:44 - 2006-11-27 03:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll2015-10-22 18:37 - 2015-10-22 18:37 - 24258248 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_39df8169-d4f3-4316-951e-4ae7bd26286d => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\dell.com -> dell.comIE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\intuit.com -> hxxps://ttlc.intuit.comIE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\turbotax.com -> hxxps://turbotax.comIE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\dell.com -> dell.comIE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\intuit.com -> hxxps://ttlc.intuit.comIE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\turbotax.com -> hxxps://turbotax.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-4200233565-3368421019-1326646657-500\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ACDaemon => 2MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: CouponPrinterService => 2MSCONFIG\Services: Garmin Device Interaction Service => 2MSCONFIG\Services: GoToAssist => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: IntuitUpdateService => 2MSCONFIG\Services: IntuitUpdateServiceV4 => 2MSCONFIG\Services: LMIRescue_39df8169-d4f3-4316-951e-4ae7bd26286d => 2MSCONFIG\Services: lxcy_device => 2MSCONFIG\Services: MemeoBackgroundService => 2MSCONFIG\Services: NIS => 2MSCONFIG\Services: SeagateDashboardService => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: SpeedDiskService => 3MSCONFIG\Services: sprtsvc_DellSupportCenter => 2MSCONFIG\Services: UMVPFSrv => 2MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.StartupMSCONFIG\startupreg: AirDroid 3 => MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"MSCONFIG\startupreg: ANIWZCS2Service => MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORMSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"MSCONFIG\startupreg: Google Update => "C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: lxcymon.exe => MSCONFIG\startupreg: Memeo AutoSync => MSCONFIG\startupreg: Memeo Instant Backup => MSCONFIG\startupreg: Memeo Send => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silentMSCONFIG\startupreg: NortonUtilities => C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /SMSCONFIG\startupreg: Seagate Dashboard => MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{39BD6CA7-9CD1-48C1-95C2-10444ED618BF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exeFirewallRules: [{3FB76DFF-EBB9-4BA5-88CA-A6199C0C675F}] => (Allow) svchost.exeFirewallRules: [{B522A32F-6301-45BF-8FBC-5461BC08CB91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exeFirewallRules: [{CAC72440-BBB5-4475-A247-770AC3632843}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exeFirewallRules: [{42231713-5B92-49DB-902F-6DA081B9B605}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exeFirewallRules: [{534517E8-E27B-4FC1-9500-18B94636FDD5}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exeFirewallRules: [{ECBB1604-6636-4DF5-A822-A029228C9AC0}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exeFirewallRules: [{E255D111-1439-4DD2-8FE0-57BCA86A2A08}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exeFirewallRules: [{64BCD54E-B280-4429-8909-F2555F1B0AA9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{D9955E32-6C92-4D70-8CC6-C5C7278EF345}] => (Allow) LPort=2869FirewallRules: [{2EC73EB3-D831-48E1-A91E-D84C9D2FA9D7}] => (Allow) LPort=1900FirewallRules: [{99F55E0D-3635-4542-889F-6F6A4F8F3047}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exeFirewallRules: [{DF71FD38-ACC0-4DF7-8ACF-A56D52B79DDA}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exeFirewallRules: [{716F09CC-AB70-4AB4-8FE9-CD2F295A6954}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exeFirewallRules: [{5CF9E526-F3BA-4A62-A694-E530BE1E4812}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exeFirewallRules: [{14F8EC0D-4110-4AEB-BF0C-A5C8000291DB}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exeFirewallRules: [{F703DADD-5004-4900-8C15-6FFEED46FB95}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exeFirewallRules: [{B3B99210-BCB7-4332-B3F2-668AFDCDF8F5}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{91813F2D-474C-49BF-BCD6-3266F1EAD0D0}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{C05BD69A-007C-4ECF-91FC-BB487BF68A2C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeFirewallRules: [{1A9763F0-098A-48FE-A8CF-0C0C53D82ADC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeFirewallRules: [{51189F90-43B2-4450-A804-9A6A04EE68FC}] => (Allow) LPort=135FirewallRules: [{7F1D20C8-5F66-4EE0-8C92-16C981E1B69D}] => (Allow) LPort=5000FirewallRules: [{ACA4F026-A28D-44CC-8DF4-FF0111238313}] => (Allow) LPort=5001FirewallRules: [{5C94E9D1-9323-40C5-BFDB-135626390B9B}] => (Allow) LPort=5002FirewallRules: [{B20C4E3A-DB0E-46AC-B1FE-E67B391B6000}] => (Allow) LPort=5003FirewallRules: [{99D24B1D-1646-4C47-BB3D-0D60E7C8F5E4}] => (Allow) LPort=5004FirewallRules: [{6E6A81C8-D294-4E5D-B64E-DC1879FF9393}] => (Allow) LPort=5005FirewallRules: [{2F9F6FFF-333C-4C32-A9B2-339CC3603096}] => (Allow) LPort=5006FirewallRules: [{AA724DE6-A804-4BE0-A2B3-574289B0C1A6}] => (Allow) LPort=5007FirewallRules: [{EE3A7638-F2A4-4C6E-8799-81A3C4861571}] => (Allow) LPort=5008FirewallRules: [{8DE1D6F9-8A84-4450-BB41-0BF07F5D6EF6}] => (Allow) LPort=5009FirewallRules: [{33582DBA-10D9-4CAE-92B6-F109E39D9C3A}] => (Allow) LPort=5010FirewallRules: [{25B8D8B0-7BA9-4DDF-8CE4-F0462DBB3695}] => (Allow) LPort=5011FirewallRules: [{B034B884-53FE-4DFD-B658-BA1235362057}] => (Allow) LPort=5012FirewallRules: [{D7B9B4D3-B6CC-4CB1-9265-D229D2907568}] => (Allow) LPort=5013FirewallRules: [{A331D8FF-50F0-431A-823F-C757CB17BE88}] => (Allow) LPort=5014FirewallRules: [{D630A0ED-AD2D-47B4-8352-358EFAA7031D}] => (Allow) LPort=5015FirewallRules: [{61D8C58E-7372-4765-87FA-51DC63673637}] => (Allow) LPort=5016FirewallRules: [{BDC1EE0B-115A-4695-959A-206BD35362F3}] => (Allow) LPort=5017FirewallRules: [{31248A67-D96A-48F3-851E-B3DBABB5AAF9}] => (Allow) LPort=5018FirewallRules: [{1F9EF8BF-FC9E-4139-94DA-1384E0B5A674}] => (Allow) LPort=5019FirewallRules: [{EA8CD93D-07D7-441F-B0A2-C5F266FD51FC}] => (Allow) LPort=5020FirewallRules: [{9F7B2D21-2AF5-4BEF-B954-EDE1C4960B44}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{C96262D6-1A02-4018-8EB6-1CA98B1A0983}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{E851DAD5-2E32-43A8-A79C-B3578489CCAF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exeFirewallRules: [{C98C6601-AD51-4B46-9E99-D19C8ABE9DE9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exeFirewallRules: [{8B0B5B9A-E3EC-4C80-9F58-377E1246D7C0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exeFirewallRules: [{32B68B37-E182-47A6-8A15-18C6DC75F9FD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exeFirewallRules: [{E5298305-3B14-4CD4-AD7E-0A93C06536C6}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{FD500E61-5AC5-4240-ADD7-444567DE867F}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{BF9BC9F7-B931-4C6E-8CB1-1BB831FD361F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exeFirewallRules: [{68A859B5-F375-4784-9B3A-41790D57C331}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exeFirewallRules: [{1415A36C-C099-4AD0-B573-FA2A85DC5F56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exeFirewallRules: [{6081BD0C-563F-407A-8A36-11FBE741F4B5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exeFirewallRules: [{63AF996B-8FFB-4A55-A79D-F7F7C92F565C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exeFirewallRules: [{33D46599-2F64-4615-8BA3-5A17DB0526EA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exeFirewallRules: [{B3093C7B-BBF8-4095-9DBC-693FF75DF6F5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exeFirewallRules: [{8E91EF87-2154-4164-B78C-935AE53EF8A9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exeFirewallRules: [{3A1D3E53-EBD2-4DA5-8636-59929CE8EF1C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exeFirewallRules: [{F6FBB5E3-5964-4F17-9DFB-EF36262A508A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exeFirewallRules: [{3D1A1F23-6558-47EA-9600-A0C665B03AAA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exeFirewallRules: [{334FD2A7-3449-40C3-9B5B-8E6D5F7E34A8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exeFirewallRules: [{5F794FAD-852C-4C96-BE66-6B812903A2D3}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exeFirewallRules: [{86BC4F57-51F5-42D4-8186-7ADEED89A29E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exeFirewallRules: [{CC918DB6-4B31-479F-9A8A-484243AA0EBB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exeFirewallRules: [{D41DD74D-A95C-4152-9A80-ECCC1CA60280}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exeFirewallRules: [{3A1A02A4-DF4F-4C48-BAA5-91E0B966BF19}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exeFirewallRules: [{92B82EB1-F80F-4FF2-BD72-EE4780C3D972}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exeFirewallRules: [{66197A5B-E56D-44D3-AFFE-A5927A3865D8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exeFirewallRules: [{60963516-DBB9-4EAD-83D4-ECD496EFEA43}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exeFirewallRules: [{9AFAA52C-DE23-4AA2-9B94-4E671668D6B0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exeFirewallRules: [{B42C4B44-87D3-4F1D-9FBA-CB08800623C9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exeFirewallRules: [{412186F6-5C17-4038-8D63-8AF4C3FCDA02}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exeFirewallRules: [{1E734410-1944-4391-AAF0-253CC9D75951}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exeFirewallRules: [{247CEFCA-B17B-442E-928C-763B6F93D6D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exeFirewallRules: [{9DC6AC26-C054-4BE4-9E75-AB85F83FFA62}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exeFirewallRules: [{33311D49-141F-4EB6-87AE-BB3DAA3D02D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exeFirewallRules: [{6231E27D-A48F-4D56-A254-2B59816D04CD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exeFirewallRules: [{7B7F60D8-C9FE-4155-8E41-CCDF6BA92521}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{A835ECE9-7656-4A8C-A4DF-2C89E0D99F2C}] => (Allow) C:\Windows\System32\lxcycoms.exeFirewallRules: [{5E69FBB8-97EA-481B-A3EA-0C336F815B2D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exeFirewallRules: [{248FD0B7-5628-4952-A9D6-F089EB986C9E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exeFirewallRules: [{A148050A-81FC-44FD-A370-93D09F22D1C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exeFirewallRules: [{4B6176DC-A4DF-4248-BD04-B53A3C8AD7E9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exeFirewallRules: [{A463BD77-CBE2-4E8E-BE61-BF409D520279}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exeFirewallRules: [{AF254E55-4E20-4672-B524-58C1806E1D75}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exeFirewallRules: [{06FEF072-C562-4D48-A5DF-8463FBFD65AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exeFirewallRules: [{8C7BA47C-8A1C-4459-96F6-8313680385AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeFirewallRules: [{0C8A477A-2BF8-40AB-89AF-65717192011D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeFirewallRules: [{CFB5F850-469D-4A6C-9A7D-F972E98030E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeFirewallRules: [{F9AB3CEE-B7C5-4AFB-8327-33D93793268E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeFirewallRules: [{2AD7E69E-0BDA-4EDA-8415-5DF074B586E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeFirewallRules: [{A3E374B0-A406-4F10-8F64-10B342746169}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{E6C0585F-F7FA-48A2-B60E-9DB384092663}] => (Allow) C:\Program Files\Waterfox\waterfox.exeFirewallRules: [{68E1A6F6-8A4D-46A7-9004-A1D1E54BC006}] => (Allow) C:\Program Files\Waterfox\waterfox.exeFirewallRules: [{3CAEA1C7-9494-4FBA-87FE-46A1DE245B83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/21/2015 09:39:00 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program NIS.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c78 Start Time: 01d122d51694c0c0 Termination Time: 203 Application Path: C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\NIS.exe Report Id: 8f25c0da-905d-11e5-9f02-00256400cdd2 Error: (11/20/2015 04:01:24 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 40.1.0.5792, time stamp: 0x5642482bFaulting module name: mozglue.dll, version: 40.1.0.5792, time stamp: 0x56424567Exception code: 0x80000003Fault offset: 0x00000000000041a9Faulting process id: 0xfecFaulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3 Error: (11/20/2015 04:01:24 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program waterfox.exe version 40.1.0.5792 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 32e8 Start Time: 01d123d26bcb98e3 Termination Time: 1155 Application Path: C:\Program Files\Waterfox\waterfox.exe Report Id: d1c3c8ce-8fc9-11e5-9f02-00256400cdd2 Error: (11/20/2015 03:31:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 40.1.0.5792, time stamp: 0x5642482bFaulting module name: mozglue.dll, version: 40.1.0.5792, time stamp: 0x56424567Exception code: 0x80000003Fault offset: 0x00000000000041a9Faulting process id: 0x1b94Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3 Error: (11/20/2015 03:31:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program waterfox.exe version 40.1.0.5792 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4a4 Start Time: 01d123ca12f83e9c Termination Time: 124 Application Path: C:\Program Files\Waterfox\waterfox.exe Report Id: a1cbae32-8fc5-11e5-9f02-00256400cdd2 Error: (11/20/2015 02:31:31 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 40.1.0.5792, time stamp: 0x5642482bFaulting module name: mozglue.dll, version: 40.1.0.5792, time stamp: 0x56424567Exception code: 0x80000003Fault offset: 0x00000000000041a9Faulting process id: 0x5778Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3 Error: (11/20/2015 02:31:31 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program waterfox.exe version 40.1.0.5792 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 5698 Start Time: 01d123b99f7001f2 Termination Time: 7049 Application Path: C:\Program Files\Waterfox\waterfox.exe Report Id: 43eb1ac5-8fbd-11e5-9f02-00256400cdd2 Error: (11/20/2015 00:33:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 40.1.0.5792, time stamp: 0x5642482bFaulting module name: mozglue.dll, version: 40.1.0.5792, time stamp: 0x56424567Exception code: 0x80000003Fault offset: 0x00000000000041a9Faulting process id: 0x17c8Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3 Error: (11/20/2015 00:33:48 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program waterfox.exe version 40.1.0.5792 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 380 Start Time: 01d123ad4dc8eb01 Termination Time: 764 Application Path: C:\Program Files\Waterfox\waterfox.exe Report Id: d6e46ef2-8fac-11e5-9f02-00256400cdd2 Error: (11/20/2015 11:03:24 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 40.1.0.5792, time stamp: 0x5642482bFaulting module name: mozglue.dll, version: 40.1.0.5792, time stamp: 0x56424567Exception code: 0x80000003Fault offset: 0x00000000000041a9Faulting process id: 0x5370Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3 System errors:=============Error: (11/21/2015 02:13:44 AM) (Source: Disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk2\DR2, has a bad block. Error: (11/21/2015 02:13:43 AM) (Source: Disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk2\DR2, has a bad block. Error: (11/21/2015 02:13:17 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (11/21/2015 02:13:16 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (11/21/2015 02:13:16 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (11/21/2015 02:13:15 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (11/21/2015 02:13:15 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (11/21/2015 00:42:34 AM) (Source: Disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk2\DR2, has a bad block. Error: (11/21/2015 00:42:33 AM) (Source: Disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk2\DR2, has a bad block. Error: (11/20/2015 07:26:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity:=================================== Date: 2015-01-09 16:27:39.328 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-09 16:27:39.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.370 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.198 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:11.185 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:10.967 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU 450 @ 2.20GHzPercentage of memory in use: 58%Total physical RAM: 4061.05 MBAvailable physical RAM: 1703.07 MBTotal Virtual: 8120.32 MBAvailable Virtual: 5482.31 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:587.51 GB) (Free:507.26 GB) NTFSDrive e: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:7.03 GB) FAT32Drive j: () (Fixed) (Total:931.51 GB) (Free:778.77 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 58000000)Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=587.5 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 7.2 GB) (Disk ID: 41AA157C)Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ========================================================Disk: 2 (Size: 931.5 GB) (Disk ID: E3FD5F1D)Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  23. Hi Kevin: here is the results of the scan for your review. I had BEEN TOLD that "waterfox" was better for 64 bit pc's - and that is why I even am making use of it. It tends to "crash" several times a day, for no apparent reason, and it has nothing to do with whatever application I am using. It then RESTORES itself with all the windows that were open BEFORE the crash, but it has surely been a pain for me. So you would suggest I TOTALLY UNINSTALL waterfox, and then install plain old FIREFOX ? Does Firefox have a specific download for 64 bit pc's or is it the same for both 32 and 64 bit ? Let me know what you next decide and confirm what you want me to do to get rid of waterfox and start using firfefox. thanks, Sue Sat. 11 21 2015 at 11:59 am est Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 (21-11-2015 10:18:21)Running from C:\Users\NewDesktop_3_2010\DownloadsLoaded Profiles: NewDesktop_3_2010 & Administrator (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 9 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\alg.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(Microsoft Corporation) C:\Windows\System32\Locator.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\nis.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\nis.exe(Waterfox) C:\Program Files\Waterfox\waterfox.exe(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106072 2015-03-17] (Symantec Corporation)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)HKU\S-1-5-21-4200233565-3368421019-1326646657-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\buShell.dll [2015-11-05] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\buShell.dll [2015-11-05] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\buShell.dll [2015-11-05] (Symantec Corporation)Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{2BA5A92D-4DA7-43E0-AB6E-589E2E00600E}: [DhcpNameServer] 192.168.1.254 Internet Explorer:==================HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxBHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-03] (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-03] (Oracle Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-03] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-03] (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-500 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cabDPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} hxxps://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cabDPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabDPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://i.dell.com/images/global/js/scanner/SysProExe.cabDPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cabDPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cabDPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} hxxp://www.psapoll.com/CopyGuardIE.cabDPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CABDPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab FireFox:========FF ProfilePath: C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\Firefox\Profiles\wwna455c.defaultFF DefaultSearchEngine: GoogleFF DefaultSearchEngine.US: GoogleFF Session Restore: -> is enabled.FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-22] ()FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-03] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-03] (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-03] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-03] (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddonFF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2015-11-19] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddonFF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2015-11-19] [not signed] Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html" CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Ebates Cash Back) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-11-18]CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-10]CHR Extension: (Norton Home Page for Chrome) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-10-06]CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-31]CHR Extension: (MyPoints Score) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2015-11-14]CHR Extension: (Google Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-14]CHR Extension: (Norton Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-06-18]CHR Extension: (Chrome Web Store Payments) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\Exts\Chrome.crx [2015-11-19]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\Exts\Chrome.crx [2015-11-19]CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150552 2015-03-17] (Symantec Corporation)S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)S4 LMIRescue_39df8169-d4f3-4316-951e-4ae7bd26286d; C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp\LMI_Rescue_srv.exe [3088688 2015-06-14] (LogMeIn, Inc.)R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)S4 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )S4 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( )S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\NIS.exe [282016 2015-11-12] (Symantec Corporation)R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795736 2015-03-17] (PC Tools)S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163864 2015-03-17] (Symantec Corporation)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)R2 W3SVC; C:\Windows\SysWOW64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151120.001\IDSvia64.sys [767224 2015-10-19] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151120.067\ENG64.SYS [138488 2015-10-26] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151120.067\EX64.SYS [2148080 2015-10-26] (Symantec Corporation)S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00E\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00E\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-03] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00E\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00E\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-21 10:08 - 2015-11-21 10:08 - 00002220 _____ C:\Users\NewDesktop_3_2010\Documents\NUTRI NUJA PRO BLENDER FROM WALMART SATURDAY 11 21 2015 RECEIPT.txt2015-11-21 09:31 - 2015-11-21 09:31 - 00001083 _____ C:\Users\NewDesktop_3_2010\Documents\JESSICA JEFFRIES saturday 11 21 2015 secure message FIDELITY BROKERAGELINK.txt2015-11-20 16:49 - 2015-11-21 08:21 - 00002806 _____ C:\Users\NewDesktop_3_2010\Desktop\JESSICA JEFFREIES ATTACHMENT 11 20 2015.txt2015-11-19 09:19 - 2015-11-19 09:19 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security2015-11-19 09:17 - 2015-11-19 09:17 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration2015-11-16 20:55 - 2015-11-16 20:55 - 02993285 _____ C:\Users\NewDesktop_3_2010\Desktop\cureit.log2015-11-16 19:02 - 2015-11-16 19:02 - 00000000 ____D C:\Users\NewDesktop_3_2010\Doctor Web2015-11-16 18:58 - 2015-11-16 19:01 - 176997408 _____ C:\Users\NewDesktop_3_2010\Downloads\vz5zgh9i.exe2015-11-16 18:44 - 2015-11-16 18:44 - 00000574 _____ C:\Users\NewDesktop_3_2010\Desktop\JRT.txt2015-11-16 18:38 - 2015-11-16 18:38 - 01599080 _____ (Malwarebytes) C:\Users\NewDesktop_3_2010\Downloads\JRT(1).exe2015-11-16 18:33 - 2015-11-16 18:33 - 01599080 _____ (Malwarebytes) C:\Users\NewDesktop_3_2010\Downloads\JRT.exe2015-11-16 18:20 - 2015-11-16 18:23 - 00000000 ____D C:\AdwCleaner2015-11-16 18:18 - 2015-11-16 18:19 - 01732096 _____ C:\Users\NewDesktop_3_2010\Downloads\AdwCleaner.exe2015-11-16 18:08 - 2015-11-21 10:17 - 00000000 ____D C:\Users\NewDesktop_3_2010\Downloads\FRST-OlderVersion2015-11-16 17:18 - 2015-11-16 17:18 - 00057782 _____ C:\Users\NewDesktop_3_2010\Desktop\FRST.txt2015-11-16 17:18 - 2015-11-16 17:18 - 00001227 _____ C:\Users\NewDesktop_3_2010\Desktop\Fixlist.txt2015-11-16 16:30 - 2015-11-16 16:30 - 00003104 _____ C:\Users\NewDesktop_3_2010\Documents\FIDELITY BROKERAGELINK 3 MESSAGES TO JESSICA JEFFRIES COVINGTON_KY 11 16 2015.txt2015-11-15 15:31 - 2015-11-15 15:31 - 00251260 _____ C:\Users\NewDesktop_3_2010\Downloads\Shortcut.txt2015-11-15 15:28 - 2015-11-15 15:31 - 00056224 _____ C:\Users\NewDesktop_3_2010\Downloads\Addition.txt2015-11-15 15:25 - 2015-11-21 10:19 - 00021853 _____ C:\Users\NewDesktop_3_2010\Downloads\FRST.txt2015-11-15 15:25 - 2015-11-21 10:18 - 00000000 ____D C:\FRST2015-11-15 15:23 - 2015-11-21 10:17 - 02345984 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64.exe2015-11-14 19:50 - 2015-11-14 19:50 - 00002198 _____ C:\Users\NewDesktop_3_2010\Documents\malwarebytes scan results 11 14 2015 of five PUPs.txt2015-11-14 17:39 - 2015-11-18 09:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-14 17:38 - 2015-11-14 17:38 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-14 17:38 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-14 17:38 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-11-14 17:38 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-11-14 17:37 - 2015-11-14 17:37 - 22908888 _____ (Malwarebytes ) C:\Users\NewDesktop_3_2010\Downloads\mbam-setup-2.2.0.1024.exe2015-11-14 11:01 - 2015-11-14 11:26 - 00000850 _____ C:\Users\NewDesktop_3_2010\Documents\bcbstx ejo john hopkins at 11 14 2015.txt2015-11-14 10:54 - 2015-11-14 10:54 - 00000779 _____ C:\Users\NewDesktop_3_2010\Downloads\Claim Detail 11142015 (4).xls2015-11-14 10:51 - 2015-11-14 10:51 - 00000284 _____ C:\Users\NewDesktop_3_2010\Downloads\Claim Detail 11142015 (3).xls2015-11-14 10:49 - 2015-11-14 10:49 - 00000276 _____ C:\Users\NewDesktop_3_2010\Downloads\Claim Detail 11142015 (2).xls2015-11-14 10:48 - 2015-11-14 10:48 - 00000276 _____ C:\Users\NewDesktop_3_2010\Downloads\Claim Detail 11142015 (1).xls2015-11-14 10:47 - 2015-11-14 10:47 - 00000276 _____ C:\Users\NewDesktop_3_2010\Downloads\Claim Detail 11142015.xls2015-11-13 22:05 - 2015-11-13 22:05 - 00001754 _____ C:\Windows\system32\cc_20151113_220517.reg2015-11-12 14:29 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-11-10 23:36 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-11-10 23:36 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-11-10 23:36 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-11-10 23:36 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-11-10 23:36 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-11-10 23:36 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-11-10 23:36 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-11-10 23:36 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-11-10 23:36 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-11-10 23:36 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-11-10 23:36 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-11-10 23:36 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-11-10 23:36 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-11-10 23:36 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-11-10 23:36 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-11-10 23:36 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-11-10 23:34 - 2015-10-31 13:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2015-11-10 23:34 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-11-10 23:34 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-11-10 23:34 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-11-10 23:34 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-11-10 23:34 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-11-10 23:34 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-11-10 23:34 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-11-10 23:34 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-11-10 23:34 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-11-10 23:34 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-11-10 23:34 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-11-10 23:34 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-11-10 23:34 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-11-10 23:34 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-11-10 23:34 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-11-10 23:34 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-11-10 23:34 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-11-10 23:34 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-11-10 23:34 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-11-10 23:34 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-11-10 23:34 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-11-10 23:34 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-11-10 23:34 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-11-10 23:34 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-11-10 23:34 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2015-11-10 23:34 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-11-10 23:34 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-11-10 23:34 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-11-10 23:34 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-11-10 23:34 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-11-10 23:34 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-11-10 23:34 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-11-10 23:34 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-11-10 23:34 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-11-10 23:34 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-11-10 23:34 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-11-10 23:34 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-11-10 23:34 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-10 23:34 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2015-11-10 23:34 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-11-10 23:34 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll2015-11-10 23:34 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll2015-11-10 23:33 - 2015-10-31 14:48 - 17079296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-11-10 23:33 - 2015-10-31 14:45 - 10886144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-11-10 23:33 - 2015-10-31 14:45 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-11-10 23:33 - 2015-10-31 14:44 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-11-10 23:33 - 2015-10-31 14:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-11-10 23:33 - 2015-10-31 14:44 - 01299968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-11-10 23:33 - 2015-10-31 14:44 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-11-10 23:33 - 2015-10-31 14:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-11-10 23:33 - 2015-10-31 14:43 - 02129408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-11-10 23:33 - 2015-10-31 14:43 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-11-10 23:33 - 2015-10-31 14:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-11-10 23:33 - 2015-10-31 14:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2015-11-10 23:33 - 2015-10-31 13:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-11-10 23:33 - 2015-10-31 13:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-11-10 23:33 - 2015-10-31 13:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-11-10 23:33 - 2015-10-31 13:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-11-10 23:33 - 2015-10-31 13:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-11-10 23:33 - 2015-10-31 13:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-11-10 23:33 - 2015-10-31 13:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-11-10 23:33 - 2015-10-31 13:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-11-10 23:33 - 2015-10-31 13:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-11-10 23:33 - 2015-10-31 13:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2015-11-10 23:33 - 2015-10-31 13:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2015-11-10 23:33 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll2015-11-10 23:33 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll2015-11-10 23:33 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe2015-11-10 23:33 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll2015-11-10 23:33 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll2015-11-10 23:33 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll2015-11-10 23:33 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe2015-11-10 23:33 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys2015-11-10 23:32 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-11-10 23:32 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2015-11-10 23:32 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2015-11-06 07:51 - 2015-11-06 07:59 - 06762072 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup511.exe2015-11-05 18:55 - 2015-11-05 18:55 - 00001778 _____ C:\Windows\system32\cc_20151105_185528.reg2015-11-01 14:06 - 2015-11-01 14:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{FDEC4DF2-F8D0-4B4F-BFBE-99B2CC0036F4}2015-10-30 19:31 - 2015-10-30 19:31 - 00014977 _____ C:\Users\NewDesktop_3_2010\Documents\sams club membership via groupon 10 30 2015 offer for membership.htm2015-10-24 11:15 - 2015-10-24 11:15 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{A4B8DB15-4A34-4E00-98DC-17C5D4323509}2015-10-22 18:37 - 2015-10-22 18:37 - 00000000 ____D C:\ProgramData\McAfee2015-10-22 18:29 - 2015-10-22 18:29 - 00243608 _____ C:\Users\NewDesktop_3_2010\Downloads\Firefox Setup Stub 41.0.2(1).exe2015-10-22 18:25 - 2015-10-22 18:25 - 00243608 _____ C:\Users\NewDesktop_3_2010\Downloads\Firefox Setup Stub 41.0.2.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-21 10:10 - 2011-02-21 10:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-11-21 09:48 - 2013-05-02 13:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-11-21 09:44 - 2014-10-12 10:57 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job2015-11-21 03:17 - 2015-10-16 09:15 - 01247907 ____N C:\Windows\WindowsUpdate.log2015-11-21 03:12 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-11-21 03:12 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-11-20 20:13 - 2011-04-06 16:31 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\CrashDumps2015-11-20 19:56 - 2015-10-16 11:20 - 00000304 _____ C:\Windows\Tasks\NUSchedule.job2015-11-20 19:56 - 2015-01-25 19:00 - 00074708 _____ C:\Windows\SysWOW64\AppLog.log2015-11-20 19:56 - 2015-01-25 17:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 162015-11-20 19:56 - 2010-03-15 21:23 - 00000000 ____D C:\ProgramData\TEMP2015-11-20 17:44 - 2014-10-12 10:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job2015-11-20 17:10 - 2011-02-21 10:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-11-20 13:00 - 2015-10-16 11:51 - 00000354 _____ C:\Windows\Tasks\SpeedDiskSchedule.job2015-11-19 09:17 - 2015-10-03 15:06 - 00002425 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK2015-11-19 09:17 - 2015-10-03 15:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security2015-11-19 09:17 - 2015-10-03 15:00 - 00000000 ____D C:\Windows\system32\Drivers\NISx642015-11-19 09:14 - 2015-10-16 11:20 - 00000312 _____ C:\Windows\Tasks\NUAutoUpdate.job2015-11-19 09:13 - 2013-10-28 08:48 - 00000095 _____ C:\Users\NewDesktop_3_2010\.accessibility.properties2015-11-19 09:13 - 2010-03-16 20:13 - 00000000 ____D C:\Users\NewDesktop_3_20102015-11-19 09:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-11-17 19:50 - 2015-06-17 21:13 - 00000000 ____D C:\Program Files\Waterfox2015-11-17 19:49 - 2015-06-27 09:44 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2015-11-17 19:48 - 2015-06-27 09:50 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task2015-11-17 19:36 - 2014-01-22 16:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Memeo2015-11-13 04:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2015-11-13 03:30 - 2009-07-14 00:13 - 00862872 _____ C:\Windows\system32\PerfStringBackup.INI2015-11-13 03:19 - 2009-07-13 23:45 - 00340480 _____ C:\Windows\system32\FNTCACHE.DAT2015-11-11 00:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions2015-11-11 00:15 - 2013-08-08 11:56 - 00000000 ____D C:\Windows\system32\MRT2015-11-11 00:05 - 2010-04-15 06:11 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-11-10 23:47 - 2013-04-27 15:32 - 00854994 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2015-11-10 23:38 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal2015-11-09 17:04 - 2010-04-24 08:40 - 00000424 _____ C:\Windows\Tasks\EasyShare Registration Task.job2015-11-07 09:14 - 2015-10-09 07:03 - 04800512 _____ C:\Users\NewDesktop_3_2010\s-1-5-21-4200233565-3368421019-1326646657-1002.rrr2015-11-07 09:14 - 2015-10-09 07:03 - 04079616 _____ C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr2015-11-07 09:14 - 2015-10-09 07:03 - 00532480 _____ C:\Windows\system32\config\default.rrr2015-11-07 09:14 - 2015-10-09 06:53 - 90435584 _____ C:\Windows\system32\config\software.rrr2015-11-07 09:14 - 2014-01-22 16:11 - 00000000 ____D C:\Users\Administrator2015-10-30 17:11 - 2012-11-05 10:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-10-28 15:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF2015-10-24 11:44 - 2010-04-07 07:42 - 05364736 ____R C:\Users\Public\Documents\ESBK.mb2015-10-24 11:42 - 2010-04-07 07:42 - 10655744 ____R C:\Users\Public\Documents\ESBK.mbb2015-10-22 18:37 - 2013-05-02 13:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-10-22 18:37 - 2013-05-02 13:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-10-22 18:37 - 2013-05-02 13:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-10-22 18:36 - 2014-07-11 15:26 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2010-03-17 17:43 - 2015-04-14 19:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat2013-12-13 07:35 - 2015-07-13 21:53 - 0007607 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg2011-10-16 13:03 - 2011-10-16 13:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F}2011-08-10 21:57 - 2011-08-10 21:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD}2012-04-11 17:44 - 2012-04-13 08:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-13 04:13 ==================== End of FRST.txt ============================
  24. Kevin....thank you for your detailed explanation above. I will get that SYSTEM RESTORE situation fixed later today. Also, thank you for telling me HOW TO attach a "file" to my response posts. I did not know about that MORE REPLY OPTIONS and even if I did, it iwas not until you explained above how to save a NOTEPAD log or scan - for me to be able to attach it. I MOSTLY ONLY USE WATERFOX since I have a 64 bit PC and only ocassionally Chrome or Internet Explorer. IT HAPPENS QUITE A BIT ON WATERFOX...so I believe that is where the problem lies. Please let me know what to do do next. I don't have any idea what to do next to bring my PC back up to the efficiency and speed reaction that I previously enjoyed. Thanks for all your help and suggestions. Sue Wed. 11/18/15 at 8:23 am est
  25. Hi Kevin...I am not as tech savvy as you might think !! the logs went to my NOTEPAD and YOU DID NOT TELL me how to SAVE them and then BE ABLE to attached them to my response post !! That would have saved me HOURS of work IF I knew how to do that !! i saw at the end othat 64 page document something about 49 FILES that seemed to be a problem ? What was that all about ? As regards to your question if I had TURNED OFF system restore ? I WOULD NOT AND DO NOT KNOW HOW TO DO THAT ..so I don't think IT WAS ME THAT SAID DON'T CREATE RESTORE POINTS ANYMORE...so please tell me HOW to get that back up and enabled if you could. As REGARDS MY PC....it does not seem ANY FASTER than what it was before I contacted you !! One thing I noted is that when I CLICK ON A WEBSITE...on the top of my PC I end up getting FOUR OR FIVE AND EVEN SOMETIMES SIX of the same site !! I have to "x" them all out...so I don't know what that is all about...but it JUST STARTED occuring since yesterday !! Let me know how to solve that dilema too if you would be so kind ? My NORTON UTILITIES says my system is OPTIMIZED and under the one click message, the pointer is all the way to the right in the green zone...so I still don't know why my PC is lethargic ? I guess you have helped me get all the malware off...is there any chance there is any residual virus or anything that is making my PC slow ? I'll wait to hear if there is ANYTHING ELSE you can suggest I do...thanks Kevin for all your help...I really appreciate it...Sue Tuesday 11 17 2015 at 8:15 pm est
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.