Plumas Posted October 19, 2014 ID:892097 Share Posted October 19, 2014 I have a possible infection and would appreciate someone looking into this. My computer has very sluggish behavior and seems to take forever to do anything, even when nothing is running. I continually get error messages from Norton on high memory usage by Com Surrogates (Syswow 64) and I also have been getting notices from MalwareBytes on malicious websites being blocked (example attached.) I ran the Farbar recovery scan tool and found the following notation: ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64 I am attaching the complete files for reference. Does this mean I have a rootkit and if so, how do I remove it? Thanks much in advance for your help. FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Naathim Posted October 19, 2014 ID:892103 Share Posted October 19, 2014 Hi My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat Before we start please note the following:Analysis and research take some time, also sometimes real life gets in the way, please be patient.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Paste the logs in your posts, attachments make my work harder and more complicated.Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.Note that we may live in totally different time zones, what may cause some delays between answers.I can't foresee everything, so if anything unexpected happens, please stop and inform me!There are no silly questions. Never be afraid to ask if in doubt!Let's start and enjoy the fight! Rules and policiesWe won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Malwarebytes' Anti-MalwarePlease download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.First of all select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Link to post Share on other sites More sharing options...
Plumas Posted October 19, 2014 Author ID:892138 Share Posted October 19, 2014 Hi Naat: Many thanks in advance for your help! I ran Malwarebytes again, including the scan for rootkits, but nothing was found. Following is the log file. Pat Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/18/2014Scan Time: 6:21:39 PMLogfile: MWB.txtAdministrator: Yes Version: 2.00.3.1025Malware Database: v2014.10.18.07Rootkit Database: v2014.10.17.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Hillside3 Scan Type: Threat ScanResult: CompletedObjects Scanned: 615958Time Elapsed: 35 min, 23 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Naathim Posted October 19, 2014 ID:892140 Share Posted October 19, 2014 Hi That's quite odd what I see in some places here, you have certainly the Poweliks infection, but I can't see any signs of ZeroAccess. The Junctions pointing to system64 directory also look strange. Let's take a bigger hammer. Scan with ComboFixThis is a very powerful tool that should be used only if advised by Malware Analyst.Do not run ComboFix on your own!Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Accept the disclaimer and agree if prompted to install Recovery Console.Do not take any actions while ComboFix goes through your System - it may cause it to stall!This scan may take some time!When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).Include that log in your next reply. If you'll encounter any issues with internet connection after running ComboFix, please visit this link. If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine. Link to post Share on other sites More sharing options...
Plumas Posted October 19, 2014 Author ID:892158 Share Posted October 19, 2014 Hi Naat: CombiFix was downloaded and run. It took quite a while, but seems to have found some things. The log file follows... looks like we are making progress! Plumas ComboFix 14-10-15.01 - Hillside3 10/18/2014 20:32:11.1.8 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4078.2215 [GMT -7:00]Running from: c:\users\Hillside3\Desktop\ComboFix.exeAV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\PCDr\6426\AddOnDownloaded\12856377-13ca-4a23-b36d-60217190121a.dllc:\programdata\PCDr\6426\AddOnDownloaded\c234a47d-843f-4a61-889b-e1538e961da5.dllc:\programdata\PCDr\6426\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dllc:\users\Emily\WINDOWSc:\users\Geoffrey\Documents\~WRL0003.tmpc:\users\Geoffrey\Favorites\Thumbs.dbc:\users\Geoffrey\ScorchPDFWrapper.dllc:\users\Geoffrey\WINDOWSc:\users\Hillside3\AppData\Local\Adobe\gccheck.exec:\users\Hillside3\AppData\Local\Adobe\gtbcheck.exec:\users\Hillside3\AppData\Local\Adobe\SecurityScan_Release.exec:\users\Hillside3\GoToAssistDownloadHelper.exec:\users\Hillside3\WINDOWSc:\users\Public\Documents\~WRL2174.tmpc:\users\Public\Documents\spupdsvc.ex..CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.You should verify if current CLSID data is correct: .HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}.HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32 (Default) REG_SZ c:\windows\system32\thumbcache.dll ThreadingModel REG_SZ Apartment..((((((((((((((((((((((((( Files Created from 2014-09-19 to 2014-10-19 )))))))))))))))))))))))))))))))..2014-10-18 22:38 . 2014-10-18 22:38 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys2014-10-18 22:05 . 2014-10-18 22:08 -------- d-----w- C:\FRST2014-10-18 16:56 . 2014-10-18 16:57 -------- d-----w- C:\NPE2014-10-15 02:33 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll2014-10-02 21:36 . 2014-10-14 19:35 -------- d-----w- c:\windows\system32\drivers\N360x64\1506000.0202014-10-01 15:14 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll2014-10-01 15:14 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll2014-09-23 20:13 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll2014-09-23 20:13 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-10-19 03:25 . 2014-05-24 16:18 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-10-15 10:01 . 2011-10-22 19:50 103265616 ----a-w- c:\windows\system32\MRT.exe2014-10-01 18:11 . 2014-05-24 16:18 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-10-01 18:11 . 2014-05-24 16:18 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-10-01 18:11 . 2013-08-31 23:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-09-24 00:44 . 2012-04-08 00:03 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-09-24 00:44 . 2011-10-05 21:23 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-09-05 03:18 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2014-08-23 02:07 . 2014-08-28 12:27 404480 ----a-w- c:\windows\system32\gdi32.dll2014-08-23 01:45 . 2014-08-28 12:27 311808 ----a-w- c:\windows\SysWow64\gdi32.dll2014-08-01 11:53 . 2014-09-10 20:16 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll2014-08-01 11:35 . 2014-09-10 20:16 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll2014-07-25 06:47 . 2014-07-25 06:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2014-05-08 1104256]"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2011-10-30 253952].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\DRIVERS\HPx9G2k.sys;c:\windows\SYSNATIVE\DRIVERS\HPx9G2k.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x]S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141017.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141017.001\IDSvia64.sys [x]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 tplh64;Gigabit PCI Express Network Adapter Driver;c:\windows\system32\DRIVERS\tplh64.sys;c:\windows\SYSNATIVE\DRIVERS\tplh64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-09-25 00:13 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 00:44].2014-10-19 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000.job- c:\users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-09-28 21:44].2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 20:44].2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 20:44].2014-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core.job- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-15 19:06].2014-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA.job- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-15 19:06]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168].------- Supplementary Scan -------.uDefault_Search_URL = hxxp://srch-us4.hpwis.com/uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://my.yahoo.com/?mkg=015mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\FF - ExtSQL: !HIDDEN! 2011-10-10 20:32; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1""ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS""TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-10-18 21:06:16ComboFix-quarantined-files.txt 2014-10-19 04:06.Pre-Run: 1,743,469,875,200 bytes freePost-Run: 1,749,287,968,768 bytes free.- - End Of File - - 650ACF1EE2018B5AF3CA1561B3022884 Link to post Share on other sites More sharing options...
Naathim Posted October 19, 2014 ID:892275 Share Posted October 19, 2014 Hi Looks like the main one is gone. Now please do another FRST scan. Scan with Farbar Recovery Scan ToolPlease re-run Farbar Recovery Scan Tool.Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
Plumas Posted October 19, 2014 Author ID:892444 Share Posted October 19, 2014 Naat: The Farbar Recovery tool was run. I am having trouble posting all of the files (the forum says the posts are too long) so I will try to do it in two different posts. First is the FRST.txt file... Plumas Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01Ran by Hillside3 (administrator) on HILLSIDE3-PC on 19-10-2014 07:58:13Running from C:\Users\Hillside3\DesktopLoaded Profiles: Hillside3 & (Available profiles: Hillside3 & Emily & Geoffrey & Administrator)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)HKLM\...\Run: [seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [updatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)HKU\S-1-5-21-1263235551-3185265231-852751295-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)HKU\S-1-5-21-1263235551-3185265231-852751295-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)HKU\S-1-5-21-1263235551-3185265231-852751295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)HKU\S-1-5-21-1263235551-3185265231-852751295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)HKU\S-1-5-21-1263235551-3185265231-852751295-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"HKU\S-1-5-21-1263235551-3185265231-852751295-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Emily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-01-16] (Spotify Ltd)HKU\S-1-5-21-1263235551-3185265231-852751295-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-15] (Google Inc.)HKU\S-1-5-21-1263235551-3185265231-852751295-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Emily\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.5.lnkShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.5.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?mkg=015HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKCU - DefaultScope {C551CED0-A24B-4F52-AF50-0EC0A44A8A61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454SearchScopes: HKCU - {0BC600DD-523F-4B59-A556-BFF92142AFA9} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = SearchScopes: HKCU - {C551CED0-A24B-4F52-AF50-0EC0A44A8A61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll No FileBHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll No FileBHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileDPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll No FileHandler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Hillside3\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll (CANON INC.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll (CANON INC.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)FF Extension: Garmin Communicator - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]FF Extension: DownloadHelper - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]FF Extension: Easy YouTube Video Downloader - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-12-17]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-05]FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-01]FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtensionFF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-10-19]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Norton Confidential) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (Canon Online Photo Plugin Module) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPCIG.dll (CANON INC.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Liveu0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Profile: C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (YouTube) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]CHR Extension: (Google Search) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]CHR Extension: (Norton Identity Safe) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]CHR Extension: (Norton Security Toolbar) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-27]CHR Extension: (Google Wallet) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-16] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-26] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)S3 HPx9G+; C:\Windows\System32\DRIVERS\HPx9G2k.sys [32056 2009-11-12] (Hewlett Packard Development LLC)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141017.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-19] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141018.001\ENG64.SYS [129752 2014-09-26] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141018.001\EX64.SYS [2137304 2014-09-26] (Symantec Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-17] (Symantec Corporation)R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)R3 tplh64; C:\Windows\System32\DRIVERS\tplh64.sys [508520 2012-02-21] (TP-LINK TECHNOLOGIES CO., LTD)R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-05-06] (Acronis)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-19 07:57 - 2014-10-18 14:47 - 02112000 _____ (Farbar) C:\Users\Hillside3\Desktop\frst64.exe2014-10-18 21:06 - 2014-10-18 21:06 - 00023125 _____ () C:\ComboFix.txt2014-10-18 20:27 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe2014-10-18 20:27 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe2014-10-18 20:27 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe2014-10-18 20:25 - 2014-10-18 21:06 - 00000000 ____D () C:\Qoobox2014-10-18 20:23 - 2014-10-18 21:03 - 00000000 ____D () C:\Windows\erdnt2014-10-18 20:18 - 2014-10-18 20:13 - 05583559 ____R (Swearware) C:\Users\Hillside3\Desktop\ComboFix.exe2014-10-18 20:09 - 2014-10-18 20:13 - 05583559 _____ (Swearware) C:\Users\Hillside3\Downloads\ComboFix.exe2014-10-18 16:37 - 2014-10-18 16:37 - 00014882 _____ () C:\Users\Hillside3\Desktop\attach.txt2014-10-18 16:37 - 2014-10-18 16:36 - 00027435 _____ () C:\Users\Hillside3\Desktop\dds.txt2014-10-18 16:31 - 2014-10-18 16:32 - 00688992 ____R (Swearware) C:\Users\Hillside3\Downloads\dds.com2014-10-18 15:38 - 2014-10-18 15:38 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2014-10-18 15:34 - 2014-10-18 15:36 - 01805736 _____ (Symantec Corporation) C:\Users\Hillside3\Desktop\FixZeroAccess.exe2014-10-18 15:07 - 2014-10-18 15:08 - 00049737 _____ () C:\Users\Hillside3\Desktop\Addition.txt2014-10-18 15:06 - 2014-10-19 07:59 - 00030883 _____ () C:\Users\Hillside3\Desktop\FRST.txt2014-10-18 15:05 - 2014-10-19 07:58 - 00000000 ____D () C:\FRST2014-10-18 14:58 - 2014-10-18 18:58 - 00001058 _____ () C:\Users\Hillside3\Desktop\MWB.txt2014-10-18 14:28 - 2014-10-18 14:29 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hillside3\Desktop\tdsskiller.exe2014-10-18 13:58 - 2014-10-18 14:04 - 127737592 _____ (Microsoft Corporation) C:\Users\Hillside3\Downloads\msert.exe2014-10-18 12:02 - 2014-10-18 12:02 - 00023643 _____ () C:\Users\Hillside3\Documents\World Records.xlsx2014-10-18 09:56 - 2014-10-18 09:57 - 00000000 ____D () C:\NPE2014-10-18 09:27 - 2014-10-18 09:29 - 03060320 ____N (Symantec Corporation) C:\Users\Hillside3\Downloads\NPE (1).exe2014-10-14 19:35 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-14 19:35 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-14 19:35 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-14 19:35 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-14 19:35 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-14 19:35 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-14 19:35 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-14 19:35 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-14 19:35 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-14 19:35 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-14 19:35 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-14 19:35 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-14 19:35 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-14 19:35 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-14 19:35 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-14 19:35 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-14 19:35 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-14 19:35 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-14 19:35 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-14 19:35 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-14 19:35 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-14 19:35 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-14 19:35 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-14 19:35 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-14 19:35 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-14 19:35 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-14 19:35 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-14 19:35 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-14 19:35 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-14 19:35 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-14 19:35 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-14 19:35 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-14 19:35 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-14 19:35 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-14 19:35 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-14 19:35 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-14 19:35 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-14 19:35 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-14 19:35 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-14 19:35 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-14 19:35 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-14 19:35 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-14 19:35 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-14 19:35 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-14 19:35 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-14 19:35 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-14 19:35 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-14 19:35 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-14 19:35 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-14 19:35 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-14 19:35 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-14 19:35 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-14 19:35 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-14 19:35 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-14 19:35 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-14 19:35 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-14 19:35 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-14 19:35 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-14 19:35 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-14 19:35 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-14 19:35 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi2014-10-14 19:35 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi2014-10-14 19:35 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2014-10-14 19:35 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-14 19:35 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2014-10-14 19:35 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2014-10-14 19:35 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-14 19:35 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-14 19:35 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-14 19:35 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-14 19:35 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2014-10-14 19:35 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2014-10-14 19:35 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-10-14 19:35 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-10-14 19:35 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-10-14 19:35 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-14 19:35 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-14 19:35 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-14 19:35 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-14 19:35 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-14 19:35 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-14 19:35 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-14 19:35 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-14 19:35 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-14 19:35 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-14 19:35 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 19:35 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-14 19:35 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2014-10-14 19:35 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2014-10-14 19:35 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2014-10-14 19:35 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx2014-10-14 19:35 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll2014-10-14 19:35 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2014-10-14 19:35 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-14 19:35 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-10-14 19:35 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-10-14 19:35 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-10-14 19:35 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-10-14 19:35 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-14 19:35 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-14 19:35 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-14 19:35 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-14 19:35 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-14 19:33 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-14 19:33 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-14 19:33 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 19:33 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-14 19:33 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-14 19:33 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-14 19:33 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-14 19:33 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-14 19:33 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-14 19:33 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-14 19:33 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-14 19:33 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-14 19:33 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-14 19:33 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-14 19:33 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-14 19:33 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-14 19:33 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-14 19:33 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-11 11:40 - 2014-10-11 20:48 - 00030908 _____ () C:\Users\Hillside3\Documents\Predictions.xlsx2014-10-02 18:39 - 2014-10-02 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-10-01 08:14 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 08:14 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-27 11:53 - 2014-09-27 11:53 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\{646A85F7-7A12-431F-8CBD-CBC6C1012680}2014-09-24 19:00 - 2014-09-24 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-09-23 13:13 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-23 13:13 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-19 07:57 - 2011-10-05 14:22 - 01811978 _____ () C:\Windows\WindowsUpdate.log2014-10-19 07:54 - 2011-10-15 08:59 - 00000000 ____D () C:\Users\Hillside3\Documents\Outlook Files2014-10-19 07:53 - 2014-05-24 09:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-19 07:53 - 2011-10-20 13:44 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-19 07:52 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-19 07:52 - 2009-07-13 21:51 - 00088180 _____ () C:\Windows\setupact.log2014-10-18 21:58 - 2011-10-05 14:38 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk2014-10-18 21:58 - 2011-10-05 14:38 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk2014-10-18 21:58 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-18 21:58 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-18 21:50 - 2010-11-20 20:47 - 01060796 _____ () C:\Windows\PFRO.log2014-10-18 21:45 - 2011-10-20 13:44 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-18 21:44 - 2012-04-07 17:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-18 21:08 - 2014-03-04 19:12 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000.job2014-10-18 21:06 - 2013-08-15 12:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA.job2014-10-18 21:06 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default2014-10-18 21:02 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini2014-10-18 21:01 - 2011-10-14 20:58 - 00000000 ____D () C:\Users\Geoffrey2014-10-18 21:01 - 2011-10-14 20:58 - 00000000 ____D () C:\Users\Emily2014-10-18 21:01 - 2011-10-10 18:10 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\Adobe2014-10-18 21:01 - 2011-10-10 18:07 - 00000000 ____D () C:\Users\Hillside32014-10-18 20:17 - 2012-08-17 17:48 - 00000000 ____D () C:\Users\Hillside3\Documents\Placer County Real Estate2014-10-18 16:53 - 2011-12-18 20:13 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\CrashDumps2014-10-18 15:41 - 2011-10-20 13:44 - 00000000 ____D () C:\Program Files\Google2014-10-18 15:41 - 2011-10-20 13:43 - 00000000 ____D () C:\Program Files (x86)\Google2014-10-18 15:05 - 2009-07-13 22:13 - 00871570 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-18 14:00 - 2013-05-22 13:10 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask2014-10-18 13:46 - 2012-06-08 15:57 - 00000000 ____D () C:\ProgramData\Skype2014-10-18 13:39 - 2011-10-10 20:33 - 00000000 ____D () C:\Program Files (x86)\Yahoo!2014-10-18 13:37 - 2011-10-20 13:44 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\Google2014-10-18 13:37 - 2011-10-20 13:43 - 00000000 ____D () C:\ProgramData\Google2014-10-18 10:21 - 2013-08-14 18:28 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\NPE2014-10-17 20:35 - 2014-05-24 09:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-17 20:32 - 2014-05-24 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-16 22:06 - 2013-08-15 12:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core.job2014-10-15 05:25 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-10-15 04:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache2014-10-15 03:54 - 2009-07-13 21:45 - 05083544 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 03:50 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-15 03:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-10-15 03:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism2014-10-15 03:31 - 2011-10-11 17:38 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-15 03:25 - 2013-08-13 23:31 - 00000000 ____D () C:\Windows\system32\MRT2014-10-15 03:01 - 2011-10-22 12:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-13 14:23 - 2012-11-08 17:01 - 00000000 ____D () C:\Windows\Minidump2014-10-13 14:22 - 2012-11-08 17:01 - 00364455 ____N () C:\Windows\Minidump\101314-62899-01.dmp2014-10-12 11:07 - 2014-03-15 08:22 - 00056388 _____ () C:\Users\Hillside3\Desktop\Pigs.xlsx2014-10-12 08:59 - 2011-10-27 21:37 - 00007599 _____ () C:\Users\Hillside3\AppData\Local\Resmon.ResmonCfg2014-10-02 18:37 - 2014-06-26 14:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-10-02 18:37 - 2014-05-02 18:22 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk2014-10-02 18:37 - 2013-08-14 17:54 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-10-02 18:37 - 2013-08-14 17:54 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-10-01 11:11 - 2014-05-24 09:18 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-01 11:11 - 2014-05-24 09:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-01 11:11 - 2013-08-31 16:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-09-28 14:44 - 2014-03-04 19:12 - 00003628 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-10002014-09-28 13:11 - 2012-09-08 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-09-27 10:18 - 2011-01-28 19:19 - 00000000 ____D () C:\Users\Hillside3\Documents\My Scans2014-09-26 22:49 - 2014-01-19 16:00 - 00000000 ____D () C:\Program Files (x86)\Quicken2014-09-24 17:15 - 2011-11-06 18:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-09-23 17:44 - 2012-04-07 17:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-09-23 17:44 - 2012-04-07 17:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-09-23 17:44 - 2011-10-05 14:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete:====================C:\Users\Emily\jagex_runescape_preferences.datC:\Users\Geoffrey\jagex_runescape_preferences.datC:\Users\Geoffrey\jagex_runescape_preferences2.datC:\Users\Geoffrey\mnviewer.dllC:\Users\Geoffrey\npmusicn.dllC:\Users\Geoffrey\NPSibelius.dllC:\Users\Geoffrey\PDFNetC.dllC:\Users\Geoffrey\ScorchAxPlugin.dllC:\Users\Geoffrey\unins000.datC:\Users\Geoffrey\unins000.exeC:\Users\Hillside3\jagex_runescape_preferences.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64 LastRegBack: 2014-10-06 07:32 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Plumas Posted October 19, 2014 Author ID:892447 Share Posted October 19, 2014 Naat: And here is teh Addition.txt file... Plumas Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01Ran by Hillside3 at 2014-10-19 08:00:59Running from C:\Users\Hillside3\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAccidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.12 - Adobe Systems)Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) HiddenAleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) HiddenApple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) HiddenATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) HiddenCANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.6.0.12 - Canon Inc.)Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.2.7 - Canon Inc.)Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.2.0.10 - Canon Inc.)Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)Canon Utilities Digital Photo Professional 3.3 (HKLM-x32\...\DPP) (Version: 3.3.1.1 - Canon Inc.)Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.3.1.3 - Canon Inc.)Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.2.0.1 - Canon Inc.)Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.0.29 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2011.0104.2155.39304 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2011.0104.2155.39304 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Czech (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Danish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Dutch (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help English (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Finnish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help French (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help German (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Greek (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Hungarian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Italian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Japanese (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Korean (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Norwegian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Polish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Portuguese (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Russian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Spanish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Swedish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Thai (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Turkish (x32 Version: 2011.0104.2154.39304 - ATI) Hiddenccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hiddenccc-utility64 (Version: 2011.0104.2155.39304 - ATI) HiddenCitrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)CyberLink PhotoNow (x32 Version: 1.1.6622 - CyberLink Corp.) HiddenCyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3022 - CyberLink Corp.)CyberLink PowerDirector (x32 Version: 8.0.3022 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) HiddenDirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) HiddenDocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddenElevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) HiddenEPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )EPSON Photo Print (HKLM-x32\...\EPSON Photo Print) (Version: - )EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )EPSON Scanner Reference Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version: - )EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) HiddenFL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) HiddenGarmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) HiddenGarmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline)GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit (HKLM-x32\...\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit) (Version: 2.1 Build 1328 - Hewlett-Packard)HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenHPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenIL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)ImageMixer 3 SE Ver.5 Transfer Utility (HKLM-x32\...\{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}) (Version: 3.04.009 - PIXELA)ImageMixer 3 SE Ver.5 Video Tools (HKLM-x32\...\{B674F947-56D6-4793-B465-7D7C87E04D0C}) (Version: 3.04.014 - PIXELA)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenK-Lite Codec Pack 9.9.5 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )LecShare Pro 1.57 (HKLM-x32\...\LecShare Pro_is1) (Version: - LecShare, Inc.)LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) HiddenMesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)Network64 (Version: 130.0.374.000 - Hewlett-Packard) HiddenNetwork64 (Version: 140.0.221.000 - Hewlett-Packard) HiddenNorton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) HiddenQualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)Roxio Activation Module (x32 Version: 1.0 - Roxio) HiddenRoxio BackOnTrack (x32 Version: 1.3.3 - Roxio) HiddenRoxio Burn (x32 Version: 1.8 - Roxio) HiddenRoxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) HiddenRoxio Creator Starter (x32 Version: 5.0.0 - Roxio) HiddenRoxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) HiddenRoxio File Backup (Version: 1.3.2 - Roxio) HiddenScan (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddenScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )Seagate DiscWizard (HKLM-x32\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenSolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenSonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) HiddenStatus (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenToolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) HiddenUpdate for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1263235551-3185265231-852751295-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= 18-10-2014 20:39:47 Removed Skype™ 6.11 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2014-10-18 21:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {229E7121-7537-4D93-83AF-D90F5C1CD85B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)Task: {2ABD3E47-8DF1-4945-82C2-A0AD3A1FA7AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)Task: {3427F52E-02EA-43F3-B249-92855B0821CF} - System32\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000 => C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-09-28] (Citrix Online, a division of Citrix Systems, Inc.)Task: {3BCAD3EA-BEE1-42E7-8DD3-2EEEAFFE164E} - \DSite No Task File <==== ATTENTIONTask: {4B92C96A-AFC9-467E-A001-B51418217C7D} - System32\Tasks\AdobeAAMUpdater-1.0-Hillside3-PC-Hillside3 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)Task: {677A7A6E-45E5-495A-9B4A-7825587989BF} - \EPUpdater No Task File <==== ATTENTIONTask: {687E1845-AB78-46B9-8910-EFC7BDD82926} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)Task: {6CEE37CC-4A16-4A06-A85A-69422D7ECE6F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)Task: {74BC7D9D-4217-42B5-B971-1331C0691F2F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()Task: {752B5269-A21E-4D4D-8C58-6489BAF5316E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20] (Google Inc.)Task: {7AEE7813-7F14-4AB7-A518-BAEE064DD2CA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\SymErr.exeTask: {7ED4FE94-366D-416A-9292-D87909155AA9} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {8722B436-C10B-4A3A-8010-E8D7A4613E2A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)Task: {88DE43C3-2812-4730-AD4F-3D46DA9FA13C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\SymErr.exeTask: {911C1753-BEF8-4333-AD4B-C40CD4879CA5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {996D130B-04B3-49F2-8266-B5557F8942B6} - \BrowserDefendert No Task File <==== ATTENTIONTask: {A32904F0-AF7A-4E73-A4FE-4DEAD7E76018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20] (Google Inc.)Task: {B3957B46-8D97-48EA-B2BD-F5A045C2E9D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)Task: {C04202BF-3F60-4F76-96C2-91E72540168E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {C352C2F9-92FB-472F-BD0F-937DD3E2DC9F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {CB480B71-8F6B-4430-BC7C-B5626F39E0E9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000.job => C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-30 10:20 - 2009-04-16 19:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe2011-01-04 19:54 - 2011-01-04 19:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-08-26 14:08 - 2010-08-26 14:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2011-10-30 08:56 - 2008-09-24 22:10 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\pxl_m17n_tool.dll2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2014-09-04 05:50 - 2014-09-04 05:50 - 02897304 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll2014-10-15 04:01 - 2014-10-15 04:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\39ff47a82cce6fab4fafee9b44846d97\IsdiInterop.ni.dll2011-10-05 14:29 - 2010-09-13 16:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Emily\Documents\luek email.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\joan henrick email.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\le.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\request letter 2.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\request letter.eml:OECustomPropertyAlternateDataStreams: C:\Users\Public\Documents\Microsoft Support_ Case ID SRX1065658643.eml:OECustomPropertyAlternateDataStreams: C:\Users\Public\Documents\Public Missiles Web Order.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1263235551-3185265231-852751295-500 - Administrator - Disabled) => C:\Users\AdministratorEmily (S-1-5-21-1263235551-3185265231-852751295-1003 - Limited - Enabled) => C:\Users\EmilyGeoffrey (S-1-5-21-1263235551-3185265231-852751295-1004 - Limited - Enabled) => C:\Users\GeoffreyGuest (S-1-5-21-1263235551-3185265231-852751295-501 - Limited - Enabled)Hillside3 (S-1-5-21-1263235551-3185265231-852751295-1000 - Administrator - Enabled) => C:\Users\Hillside3HomeGroupUser$ (S-1-5-21-1263235551-3185265231-852751295-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: HPService: StillCamProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (10/19/2014 07:53:52 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 09:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 06:18:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 04:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22Exception code: 0xc0000005Fault offset: 0x00114811Faulting process id: 0x2ea4Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (10/18/2014 04:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22Exception code: 0xc00000fdFault offset: 0x00094765Faulting process id: 0x2ab4Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (10/18/2014 04:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22Exception code: 0xc00000fdFault offset: 0x00094fbfFaulting process id: 0x1ca8Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (10/18/2014 03:44:24 PM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )Description: Service cannot be started. The service process could not connect to the service controller Error: (10/18/2014 03:43:07 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 03:01:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22Exception code: 0xc00000fdFault offset: 0x0031ba7aFaulting process id: 0x7c0Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (10/18/2014 00:33:53 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22Exception code: 0xc00000fdFault offset: 0x0034cf7eFaulting process id: 0x28ecFaulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 System errors:=============Error: (10/19/2014 07:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/18/2014 09:51:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/18/2014 09:02:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/18/2014 09:01:23 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (10/18/2014 08:46:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/18/2014 08:24:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/18/2014 08:24:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s). Error: (10/18/2014 06:19:14 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/18/2014 06:18:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/18/2014 06:16:54 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 6:15:22 PM on 10/18/2014 was unexpected. Microsoft Office Sessions:=========================Error: (10/19/2014 07:53:52 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 09:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 06:18:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 04:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c0000005001148112ea401cfeb2e0035cd9eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlle3d9289a-5721-11e4-ae92-64700213e298 Error: (10/18/2014 04:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652ab401cfeb2d5a246406C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll3953b7d3-5721-11e4-ae92-64700213e298 Error: (10/18/2014 04:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf1ca801cfeb2c7183d50aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll74ca33d8-5720-11e4-ae92-64700213e298 Error: (10/18/2014 03:44:24 PM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )Description: Service cannot be started. The service process could not connect to the service controller Error: (10/18/2014 03:43:07 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2014 03:01:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0031ba7a7c001cfeb1dee0db741C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll41b10d32-5712-11e4-b446-64700213e298 Error: (10/18/2014 00:33:53 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0034cf7e28ec01cfeb0a431844a8C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllb0dae673-56fd-11e4-b446-64700213e298 CodeIntegrity Errors:=================================== Date: 2014-10-18 21:01:23.093 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-18 21:01:23.061 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i7-2600 CPU @ 3.40GHzPercentage of memory in use: 62%Total physical RAM: 4078.45 MBAvailable physical RAM: 1523.74 MBTotal Pagefile: 8155.07 MBAvailable Pagefile: 4905.6 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1846.3 GB) (Free:1628.92 GB) NTFSDrive d: (DATAPART1) (Fixed) (Total:931.51 GB) (Free:548.47 GB) NTFSDrive k: () (Removable) (Total:14.9 GB) (Free:14.84 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C468B60B)Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 55E8C8F6)Partition 1: (Not Active) - (Size=79 MB) - (Type=DE)Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=1846.3 GB) - (Type=07 NTFS) ========================================================Disk: 6 (Size: 14.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Naathim Posted October 19, 2014 ID:892555 Share Posted October 19, 2014 Hi Yes, looks like Poweliks is gone. But still some more work to do... Fix with Junkware Removal ToolPlease download JRT by Thisisu and save the file to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Follow the prompts and let this process run uninterrupted.This scan can take a while, depending on your System specs.Upon completion, a log (JRT.txt) will open on your desktop.Please include the contents of that file in your reply.Do not forget to re-enable your previously switched off protection software!Please also manually reboot your machine after this procedure. Scan with AdwCleanerPlease download AdwCleaner by Xplode and save the file to your desktop.Right-click on icon and select Run as Administrator to start the tool.The program will begin to update the database (if internet connection is operational). Please wait a little bit.Follow the prompts and click Scan.Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.Please include the contents of that file in your reply. Scan with ZOEKPlease download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the main console will appear, it may take a minute or two.In the main box please paste in the following script:createsrpoint;autoclean;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;Make sure that Scan All Users option is checked.Push Run Script and wait patiently. The scan may take a couple of minutes.When the scan completes, a zoek-results logfile should open in notepad.If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)Please include its content in your next reply.Don't forget to re-enable your switched-off protection software! Link to post Share on other sites More sharing options...
Plumas Posted October 19, 2014 Author ID:892597 Share Posted October 19, 2014 Naat: These were all run successfully and I now have lots more log files for you to read. Thanks again for your persistence with this problem! Plumas ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.14.2014:1)OS: Windows 7 Professional x64Ran by Hillside3 on Sun 10/19/2014 at 13:38:50.38~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{03EFEAF8-1D95-484D-9ABF-A78F7C741786}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{07D32E21-A816-4ED9-8D36-BC2D6F74ECC3}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{081A2132-9003-4C61-92FA-473B0D4610A3}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{0DAD35B4-8BAB-4D65-9A3E-E7C3FC0238FB}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{16B334B9-BE2E-4118-9A27-5866E83D7D59}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{1D17C724-4654-432D-B1F6-60F7353EDBA3}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{1D86BFA3-2600-4668-BD54-73413F2EAD43}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{28808C0F-0E8A-4289-A985-EEA43DC53C31}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{3BCC7CC0-7F8E-4D47-ADDC-0C613CA16A8A}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{3E8143F4-CBC9-4552-ADB7-C0B5F4859F3B}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{4B4091AB-9551-4BDF-BCF6-2E8475BEF75C}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{4D7A2A9F-4EBA-4D85-BD13-C7BC5AA5749B}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{4E1B2C4C-7D4E-4695-80C1-36187BED75C8}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{541A7FDB-32C4-49B1-B79E-4DA923102253}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{631CDC74-5D38-44A8-9D30-D08A7F90CB98}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{646A85F7-7A12-431F-8CBD-CBC6C1012680}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{65C94F16-847F-4618-9523-B28C34F23B8F}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{664DD132-F7DF-45B3-BE85-86B9CF561492}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{73E230C5-3410-4D03-8366-C09B113752B5}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{7896A771-7A27-49DD-BB19-42AD5EC2CA69}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{835F14F1-CCC6-48F6-B0A5-505C5D72A5C2}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{86F3A792-6813-4AA0-B6F6-B59FBCC9C05F}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{872539E6-A4CA-492F-A4F1-B479D59E9803}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{8EDB82B9-FEC5-4387-821A-B0C48944CE68}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{91D20DE2-7DEB-4084-9F52-B4D231A5BB07}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{96BDA3ED-9A64-486C-B277-C312E674564D}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{98081A86-8B67-4289-8704-58347DDCDE4D}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{99B3C03A-D807-4A3F-AF0D-D1BC18CF38DD}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{9C2321F0-CB65-44F4-A80F-AD93B8D31363}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{A221D3F6-C7E0-4C01-AA6F-722F9A058067}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{A7A9E30B-C4B0-4297-A8CE-F9130BAADA0F}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{ABC8873D-9CFA-4978-B63E-54A3F699A614}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{AF0DF366-E835-4632-81A6-5E69505F3A32}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{AF274023-19EE-429C-8BD9-30D5B591EAC2}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{B1CC33BC-2FB8-4CFB-B901-36EAC8560FAD}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{B281887B-9177-4DA3-8D53-93B6678732EE}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{C2476473-579F-4164-9098-0655C79EED98}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{C4E37727-B545-4E5C-A496-30E6FEB614A9}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{C4E9E341-6543-4C6B-BFBC-037E2D0169D3}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{D0344ED0-7C75-4ED3-9425-39AD95280A03}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{D0423994-561F-4F96-B38C-D52DDAC95842}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{D23FFFEC-19E2-4BCD-8092-DBF1E8D5E442}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{D3F567E4-AFA7-4D18-9B5C-06690154BB2C}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{DB811787-9484-4963-9CFB-E14BD032FE0D}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{E6517BF4-BB8C-49E3-A58B-FE8A8B4AB182}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{E89FF2A5-C972-423E-B8C5-D2F8437C4871}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{EAC16025-D115-4BE8-9099-B08C4BC557F2}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{EE2F87C7-3EA7-489C-932B-CA226DFE0190}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{F709BB78-9F61-4642-BB30-7BF9AFCE112C}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{F941CF21-0F82-4C33-8C73-DC0482DB1C56}Successfully deleted: [Empty Folder] C:\Users\Hillside3\appdata\local\{FE75C61D-616C-4AD7-BDDF-771956044B20} ~~~ FireFox Emptied folder: C:\Users\Hillside3\AppData\Roaming\mozilla\firefox\profiles\fabf13mb.default\minidumps [482 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\Hillside3\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 10/19/2014 at 13:42:19.50End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.000 - Report created 19/10/2014 at 13:51:25# Updated 12/10/2014 by Xplode# Database : 2014-10-19.11# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : Hillside3 - HILLSIDE3-PC# Running from : C:\Users\Hillside3\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\gpg8dfk4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpiFile Found : C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpiFolder Found : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkFolder Found : C:\Users\Emily\AppData\LocalLow\HPAppDataFolder Found : C:\Users\Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkFolder Found : C:\Users\Geoffrey\AppData\LocalLow\HPAppDataFolder Found : C:\Users\Public\Documents\Rocket ***** [ Scheduled Tasks ] ***** Task Found : BrowserDefendertTask Found : DSiteTask Found : EPUpdater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkKey Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v32.0.3 (x86 en-US) -\\ Google Chrome v38.0.2125.104 Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19&gct=sb&qsrc=2869 ************************* AdwCleaner[R0].txt - [7703 octets] - [01/09/2013 08:49:53]AdwCleaner[R1].txt - [3601 octets] - [19/10/2014 13:51:26]AdwCleaner[s0].txt - [7833 octets] - [01/09/2013 08:51:06] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3721 octets] ########## Zoek.exe v5.0.0.0 Updated 19-10-2014Tool run by Hillside3 on Sun 10/19/2014 at 14:09:09.82.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Hillside3\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 10/19/2014 2:13:59 PM Zoek.exe System Restore Point Created Succesfully. ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://my.yahoo.com/?mkg=015""Default_Search_URL"="http://srch-us4.hpwis.com/"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]@="http://www.google.com/search?q=%s"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]"SearchAssistant"="http://www.google.com/ie"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{C551CED0-A24B-4F52-AF50-0EC0A44A8A61}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"{0BC600DD-523F-4B59-A556-BFF92142AFA9} Yahoo! Search Url="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"{49606DC7-976D-4030-A74E-9FB5C842FA68} Unknown Url="Not_Found"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"{C551CED0-A24B-4F52-AF50-0EC0A44A8A61} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on Sun 10/19/2014 at 14:14:22.81 ====================== Link to post Share on other sites More sharing options...
Naathim Posted October 19, 2014 ID:892600 Share Posted October 19, 2014 This is not the full ZOEK scanfile. Could you re-run it? Link to post Share on other sites More sharing options...
Plumas Posted October 19, 2014 Author ID:892611 Share Posted October 19, 2014 Naat: Sorry about that -- I'm not sure I pasted in the script files the first time. Try the following... Plumas Zoek.exe v5.0.0.0 Updated 20-September-2014Tool run by Hillside3 on Sun 10/19/2014 at 14:30:06.18.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64Running in: Normal Mode No Internet Access DetectedLaunched: C:\Users\Hillside3\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-10-19-211422.log 2026 bytes ==== System Restore Info ====================== 10/19/2014 2:32:02 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BC600DD-523F-4B59-A556-BFF92142AFA9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 4500_G510nz_Help 4500G510nz 4500G510nz_Software_Min 64 Bit HP CIO Components Installer Accidental Damage Services Agreement Adobe Acrobat X Standard - English, Fran‡ais, Deutsch Adobe After Effects CS6 Adobe AIR Adobe Flash Player 15 ActiveX Adobe Flash Player 15 Plugin Adobe Help Manager Aleks 3.18 Amazon MP3 Downloader 1.0.17 ANT Drivers Installer x64 Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL ATI AVIVO64 Codecs ATI Catalyst Install Manager Audacity 1.3.13 (Unicode) Banctec Service Agreement Bonjour BufferChm CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon RAW Image Task for ZoomBrowser EX Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.3 Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities WFT-E1/E2/E3 Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Citrix Online Launcher Complete Care Business Service Agreement Consumer In-Home Service Agreement ConvertHelper 2.2 CyberLink PhotoNow CyberLink PowerDirector D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Backup and Recovery Manager Dell Edoc Viewer Dell Home Systems Service Agreement Destinations DeviceDiscovery DirectX 9 Runtime DocMgr DocProc Elevated Installer EPSON Copy Utility EPSON Photo Print EPSON Scan EPSON Scanner Reference Guide EPSON Smart Panel Fax FL Studio 10 Garmin Communicator Plugin Garmin Communicator Plugin x64 Garmin Express Garmin Express Tray Garmin USB Drivers Garmin WebUpdater Google Chrome Google Earth Google Update Helper GoToMeeting 6.4.3.1767 GPBaseService2 HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit HP Customer Participation Program 13.0 HP Document Manager 2.0 HP Imaging Device Functions 13.0 HP Officejet 4500 G510n-z HP Smart Web Printing 4.5 HP Solution Center 13.0 HP Update HPDiagnosticAlert HPProductAssistant HPSSupply IL Download Manager ImageMixer 3 SE Ver.5 Transfer Utility ImageMixer 3 SE Ver.5 Video Tools Intel® Rapid Storage Technology iSEEK AnswerWorks English Runtime iTunes Java 7 Update 45 Java Auto Updater Java 6 Update 24 (64-bit) Junk Mail filter update K-Lite Codec Pack 9.9.5 (Basic) LAME v3.98.3 for Audacity LecShare Pro 1.57 LG United Mobile Driver Malwarebytes Anti-Malware version 2.0.3.1025 MarketResearch Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Mozilla Firefox 32.0.3 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Dell Network64 Norton 360 OCR Software by I.R.I.S. 13.0 PhotoShowExpress QualxServ Service Agreement Quicken 2011 Quicken 2014 QuickTime RBVirtualFolder64Inst Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup ScanToWeb Seagate DiscWizard Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shop for HP Supplies SmartWebPrinting SolutionCenter Sonic CinePlayer Decoder Pack Status Toolbox TrayApp Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition WebReg Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exeC:\Windows\SysWOW64\svchost.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeC:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exeC:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Users\Hillside3\Desktop\zoek.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\GUM6D34.tmp deletedC:\PROGRA~2\Yahoo! deletedC:\found.000 deletedC:\Users\Emily\AppData\Roaming\Yahoo! deletedC:\Users\Hillside3\AppData\Roaming\ZoomBrowser EX deletedC:\Users\Hillside3\AppData\Roaming\Yahoo! deletedC:\PROGRA~3\Package Cache deletedC:\Users\Hillside3\AppData\Local\avgchrome deletedC:\Windows\SysNative\config\systemprofile\Searches deletedC:\Windows\SysWow64\searchplugins deleted"C:\Windows\Installer\a3b737b.msi" deleted"C:\ProgramData\6x18ci8o48j057" deleted ==== System Specs ====================== Operating System: Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 64-bitManufacturer: Dell Inc. - Model: Vostro 460Install Date: 10/10/2011 6:07:24 PMLast Boot: 10/19/2014 1:47:25 PMProcessor: Intel® Core i7-2600 CPU @ 3.40GHzNumber of Processors: 8Work StationBootmode: Normal bootTotal RAM: 4078 MB (free 1891 MB - 46)Computername: HILLSIDE3-PCDomain: MSHOMEUser: Hillside3 (Administrator account)Local Disk: C:\ - NTFS - 1846 GB (free 1624 GB)Local Disk: D:\ - NTFS - 931 GB (free 548 GB)CD \ DVD Drive: E:\ CD \ DVD Drive: F:\ Removable Disk: G:\ - - GB (free GB)Removable Disk: H:\ - - GB (free GB)Removable Disk: I:\ - - GB (free GB)Removable Disk: J:\ - - GB (free GB)Bootdevice: \Device\HarddiskVolume3Windows update: Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Norton 360 On-access scanning disabled (Outdated)Anti-Spyware: Norton 360 disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Firewall: Norton 360 disabledInternet Explorer Version: 11.0.9600.17358 Mozilla Firefox version: 32.0.3 (x86 en-US)Google Chrome version: 38.0.2125.104Sun Java version: 1.7.0_45 (32-bit) Sun Java version: 1.6.0_24 (64-bit) Flash Player version: 15.0.0.152 ==== Files Recently Created / Modified ====================== ====== C:\Windows ====2014-10-19 03:27:51 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe2014-10-19 03:27:51 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe2014-10-19 03:27:51 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe2014-10-19 03:27:51 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe2014-10-19 03:27:51 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe====== C:\Users\HILLSI~1\AppData\Local\Temp ====2014-10-19 20:38:09 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\libiconv2.dll2014-10-19 20:38:09 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\libintl3.dll2014-10-19 20:38:09 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\pcre3.dll2014-10-19 20:38:09 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\regex2.dll2014-10-19 20:38:09 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\erunt\ERUNT.EXE2014-10-12 16:54:48 E17B30D3B06DBC63E9E94DAE70290A35 787968 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\sqlite3.dll====== Java Cache =========== C:\Windows\SysWOW64 =====2014-10-15 02:35:55 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\SysWOW64\mscories.dll2014-10-15 02:35:55 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\SysWOW64\mscorier.dll2014-10-15 02:35:55 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\SysWOW64\dfshim.dll2014-10-15 02:35:48 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\SysWOW64\locale.nls2014-10-15 02:35:47 C7673B3F8BB35221B42D67BF7ADAFDFD 7168 ----a-w- C:\Windows\SysWOW64\KBDYAK.DLL2014-10-15 02:35:47 730B7C639957EA0BF37C1459831A1E19 6656 ----a-w- C:\Windows\SysWOW64\KBDRU1.DLL2014-10-15 02:35:47 72222991598E173BBE1429426926C020 7168 ----a-w- C:\Windows\SysWOW64\KBDTAT.DLL2014-10-15 02:35:47 45B308F20FEF040BD7321E85F69DF5E2 6656 ----a-w- C:\Windows\SysWOW64\KBDRU.DLL2014-10-15 02:35:47 2BD0519015E899A2FF52210CC5875F88 6656 ----a-w- C:\Windows\SysWOW64\KBDBASH.DLL2014-10-15 02:35:44 2C5D7D6C3C3E998306F0BFD7FF7114B9 744960 ----a-w- C:\Windows\SysWOW64\blackbox.dll2014-10-15 02:35:41 C1140AAB50F59C68394CE4C4046A9A8D 988160 ----a-w- C:\Windows\SysWOW64\drmv2clt.dll2014-10-15 02:35:38 152FCD9B979D70FDB703A28152B634EA 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll2014-10-15 02:35:38 089236B6EC2E6C52A1864B79A09D7690 617984 ----a-w- C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-15 02:35:37 F50F1EBD832CA070E1717C2044806ECF 3208704 ----a-w- C:\Windows\SysWOW64\mf.dll2014-10-15 02:35:37 9153F819C855EBD72417DAE7C176CF50 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-15 02:35:37 776DBF61BA3E8FA64FFA052559A29174 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll2014-10-15 02:35:37 1858EF9B8A1E334AC1262D664367F451 406016 ----a-w- C:\Windows\SysWOW64\drmmgrtn.dll2014-10-15 02:35:36 FDA08BEB01B0B0E372088DC21CBA73F3 3970488 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-15 02:35:36 623E143F2DF17C0106A9988F5D7DC878 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll2014-10-15 02:35:35 F8028D69DE63F180623D4444A39BAB3E 489984 ----a-w- C:\Windows\SysWOW64\evr.dll2014-10-15 02:35:35 E365C7B3EBB96451D3C9DF6B6B6900C2 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll2014-10-15 02:35:35 B18B9BD51C8D86596110B9ABD138B92F 3914680 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe2014-10-15 02:35:35 5C3BA07E215B4F693E7D78D6F4980D98 1329664 ----a-w- C:\Windows\SysWOW64\quartz.dll2014-10-15 02:35:34 8C147D67D4E75882DA88206DF098229A 354816 ----a-w- C:\Windows\SysWOW64\mfplat.dll2014-10-15 02:35:34 77F95AE51E834BAFE903912F7EBE825B 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll2014-10-15 02:35:34 6BB12A7CA8779D96334B258548B071F5 1005056 ----a-w- C:\Windows\SysWOW64\cryptui.dll2014-10-15 02:35:34 6B07EE9C7668D2C704563DA838026828 81408 ----a-w- C:\Windows\SysWOW64\cryptsp.dll2014-10-15 02:35:34 454BF1E3B844306E764ADC0EA7B6E64C 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll2014-10-15 02:35:33 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe2014-10-15 02:35:33 534177269B23D1999DD1FCA50A396611 504320 ----a-w- C:\Windows\SysWOW64\msscp.dll2014-10-15 02:35:33 4F1FCBB6A312825B9A84F813E5093AE9 50688 ----a-w- C:\Windows\SysWOW64\appidapi.dll2014-10-15 02:35:33 4BA17820B97F1CAED69E5BE5F1BC7C96 265216 ----a-w- C:\Windows\SysWOW64\msnetobj.dll2014-10-15 02:35:33 20257A0BFB824B49055A6EEC29C72C03 103424 ----a-w- C:\Windows\SysWOW64\mfps.dll2014-10-15 02:35:32 E637A7187CAFB3EEEED0540CBEF27C8B 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll2014-10-15 02:35:32 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe2014-10-15 02:35:32 A7DD5C1F29877A473265D4B98B3495ED 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL2014-10-15 02:35:32 9590D4F5699C176217A8CA2330E54D8A 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll2014-10-15 02:35:32 73AC4B12E706CD7D0447976507E50DBE 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx2014-10-15 02:35:32 73AC4B12E706CD7D0447976507E50DBE 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll2014-10-15 02:35:32 52096F5F476733F2E2725CF346FF373B 2048 ----a-w- C:\Windows\SysWOW64\mferror.dll2014-10-15 02:35:23 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll2014-10-15 02:35:22 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\SysWOW64\mshtml.dll2014-10-15 02:35:22 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-15 02:35:22 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll2014-10-15 02:35:22 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll2014-10-15 02:35:22 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll2014-10-15 02:35:22 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll2014-10-15 02:35:22 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-15 02:35:22 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb2014-10-15 02:35:22 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll2014-10-15 02:35:22 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll2014-10-15 02:35:21 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\SysWOW64\ieframe.dll2014-10-15 02:35:21 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll2014-10-15 02:35:21 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll2014-10-15 02:35:21 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl2014-10-15 02:35:21 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\SysWOW64\iertutil.dll2014-10-15 02:35:21 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll2014-10-15 02:35:21 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll2014-10-15 02:35:20 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll2014-10-15 02:35:20 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll2014-10-15 02:35:20 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\SysWOW64\jscript9.dll2014-10-15 02:35:20 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe2014-10-15 02:35:20 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-15 02:35:20 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\SysWOW64\wininet.dll2014-10-15 02:35:19 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll2014-10-15 02:35:19 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll2014-10-15 02:33:35 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll2014-10-15 02:33:30 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\SysWOW64\rastls.dll2014-10-15 02:33:25 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\SysWOW64\winsta.dll2014-10-15 02:33:25 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll2014-10-15 02:33:25 97896EE4254176CFDD9010B5B243B89F 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll2014-10-15 02:33:25 3ABACF6D4EBEA5EF3014FEFA1D8FF5F8 3221504 ----a-w- C:\Windows\SysWOW64\mstscax.dll2014-10-15 02:33:25 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll2014-10-15 02:33:25 0DBD0B4D4766CADEB8C30242A0611395 1051136 ----a-w- C:\Windows\SysWOW64\mstsc.exe2014-10-15 02:33:16 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\SysWOW64\packager.dll====== C:\Windows\SysWOW64\drivers =========== C:\Windows\Sysnative =====2014-10-15 02:35:57 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys2014-10-15 02:35:55 50EC828370CB5F5E9FF08B10F1B701C8 73880 ----a-w- C:\Windows\Sysnative\mscories.dll2014-10-15 02:35:55 5083CC5456FE8A5D21ECF9E32ACC779F 1943696 ----a-w- C:\Windows\Sysnative\dfshim.dll2014-10-15 02:35:55 2D6C77A3DB3D8EE00FB55834A67E4073 156312 ----a-w- C:\Windows\Sysnative\mscorier.dll2014-10-15 02:35:49 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\Sysnative\locale.nls2014-10-15 02:35:47 EA21295A386C6DB2A2A90E657B37C5F4 7168 ----a-w- C:\Windows\Sysnative\KBDYAK.DLL2014-10-15 02:35:47 BE67D99EDA34A68B827868371B5529AD 7168 ----a-w- C:\Windows\Sysnative\KBDTAT.DLL2014-10-15 02:35:47 920B5C1CC0BAB6E574297BC3D945DA31 7168 ----a-w- C:\Windows\Sysnative\KBDBASH.DLL2014-10-15 02:35:47 80EDA24B00478FA795F90DFA09C12E86 7168 ----a-w- C:\Windows\Sysnative\KBDRU1.DLL2014-10-15 02:35:47 353C4A38042819CA83AEFC6F2E7051CD 6656 ----a-w- C:\Windows\Sysnative\KBDRU.DLL2014-10-15 02:35:44 EF86A7118A3950F03B364FAC93A08E96 1202176 ----a-w- C:\Windows\Sysnative\drmv2clt.dll2014-10-15 02:35:44 2F5AF776A7B24C6B82D20B5F3179B235 842240 ----a-w- C:\Windows\Sysnative\blackbox.dll2014-10-15 02:35:39 73D3B2408952890DE8157EAA014B9A52 14632960 ----a-w- C:\Windows\Sysnative\wmp.dll2014-10-15 02:35:38 FE4ABDE0BC70BF9F82531FDB416C4B4E 4120576 ----a-w- C:\Windows\Sysnative\mf.dll2014-10-15 02:35:38 87222A707545E783D9FAE7940645A2C3 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll2014-10-15 02:35:38 868FE3B478D05A225D27A28E933CE33C 782848 ----a-w- C:\Windows\Sysnative\wmdrmsdk.dll2014-10-15 02:35:38 5807843607013D16EEEDC15DA4AA83E7 497664 ----a-w- C:\Windows\Sysnative\drmmgrtn.dll2014-10-15 02:35:37 DA9AF4793B4874BE0BE28170DB890CDF 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll2014-10-15 02:35:37 D382414098819BA8A0C2A5F362A710DC 5551032 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe2014-10-15 02:35:37 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\Sysnative\winload.exe2014-10-15 02:35:37 999A7FD4D9F8B1656F1167D94743E50A 457400 ----a-w- C:\Windows\Sysnative\ci.dll2014-10-15 02:35:37 8F3FE4C327D30629266F1F0650C2E910 1574400 ----a-w- C:\Windows\Sysnative\quartz.dll2014-10-15 02:35:37 84396ACFCF981E2CBFACD084DF1271B9 616352 ----a-w- C:\Windows\Sysnative\winresume.efi2014-10-15 02:35:37 7FC292D1527EDFEBA2576B6789DE6AB5 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll2014-10-15 02:35:37 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\Sysnative\winresume.exe2014-10-15 02:35:37 19D511CC455C19DE1ADF60E6C39C85B6 187904 ----a-w- C:\Windows\Sysnative\cryptsvc.dll2014-10-15 02:35:37 00B454421642EF68B7A17D2C153920E2 693176 ----a-w- C:\Windows\Sysnative\winload.efi2014-10-15 02:35:36 F06D511B37BB101A7951A1837224B7A5 631808 ----a-w- C:\Windows\Sysnative\evr.dll2014-10-15 02:35:36 6B381E24EC6A6519DC0A67F1DF5EF82C 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll2014-10-15 02:35:36 08835F1772B58DE4C3AAF604760276A5 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll2014-10-15 02:35:35 C92075D9FFC8429E6CA1279EA8D25722 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll2014-10-15 02:35:35 81A2008198A6E450E4BC7EF361154C8A 1069056 ----a-w- C:\Windows\Sysnative\cryptui.dll2014-10-15 02:35:35 4BE4D8091FBE4DE496B3EFBA206F29AE 432128 ----a-w- C:\Windows\Sysnative\mfplat.dll2014-10-15 02:35:35 2C1B6A64294F2182DC4999F923873974 679424 ----a-w- C:\Windows\Sysnative\audiosrv.dll2014-10-15 02:35:34 D9A61370B40ABAA9F509113504CD8425 82432 ----a-w- C:\Windows\Sysnative\cryptsp.dll2014-10-15 02:35:34 724EE88C7003974720087A4344331FC1 503808 ----a-w- C:\Windows\Sysnative\srcore.dll2014-10-15 02:35:34 6F86A81133E8D468DDBE74E2A96CEA03 641024 ----a-w- C:\Windows\Sysnative\msscp.dll2014-10-15 02:35:34 256390425414F90FCBC12F525A84EB11 188416 ----a-w- C:\Windows\Sysnative\pcasvc.dll2014-10-15 02:35:33 F71CA01C24FC3798A717B5A6F682F9AD 32256 ----a-w- C:\Windows\Sysnative\appidsvc.dll2014-10-15 02:35:33 F4F4D51214FEC718D798CA4FF7629FC5 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe2014-10-15 02:35:33 D79539E35A0F4A1A6E5DC9A268696DC5 146944 ----a-w- C:\Windows\Sysnative\appidpolicyconverter.exe2014-10-15 02:35:33 D179B4872554CFFD5621FD76E4469C81 325632 ----a-w- C:\Windows\Sysnative\msnetobj.dll2014-10-15 02:35:33 AB2EB93A982A2C26BA3E4D2D65328804 24576 ----a-w- C:\Windows\Sysnative\mfpmp.exe2014-10-15 02:35:33 A8DDFADCA566D4EA38C9DA928D14A658 126464 ----a-w- C:\Windows\Sysnative\audiodg.exe2014-10-15 02:35:33 9797A23F773C0782A0D91BEC44054166 206848 ----a-w- C:\Windows\Sysnative\mfps.dll2014-10-15 02:35:33 68E09E7CD4DC52F132A4B492ACE8C243 55808 ----a-w- C:\Windows\Sysnative\rrinstaller.exe2014-10-15 02:35:33 01C98E5902E428D5C7EA136895FAEF4C 58880 ----a-w- C:\Windows\Sysnative\appidapi.dll2014-10-15 02:35:32 C15F3DF9122C70F42AC6D66CBC90918B 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll2014-10-15 02:35:32 B86AE91A441FA81CFFF2B53F2A1BF123 17920 ----a-w- C:\Windows\Sysnative\appidcertstorecheck.exe2014-10-15 02:35:32 855056F06F3677063DB2CC51899BC216 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx2014-10-15 02:35:32 855056F06F3677063DB2CC51899BC216 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll2014-10-15 02:35:32 71EF970D853661A6BAFBD45C36714FEC 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL2014-10-15 02:35:32 63578DB847FCC40883CB8F303E785D46 2048 ----a-w- C:\Windows\Sysnative\mferror.dll2014-10-15 02:35:32 5C90E1F072AF0579620B500DA14588C3 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll2014-10-15 02:35:32 310A2A61A5588D932002F83651188C9E 50176 ----a-w- C:\Windows\Sysnative\srclient.dll2014-10-15 02:35:24 974F83636F841739FEA5CC6219BFB241 276480 ----a-w- C:\Windows\Sysnative\generaltel.dll2014-10-15 02:35:23 767D478BB4B2F84B47B3C0956E6A5A05 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll2014-10-15 02:35:23 510D5492BCA9E63E10E3CE0285965722 507392 ----a-w- C:\Windows\Sysnative\aepdu.dll2014-10-15 02:35:22 DD8E9C85F9F428859713055183661956 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll2014-10-15 02:35:22 C109D5136DF0A6CA668C7AD888AA125F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb2014-10-15 02:35:22 739D9C9F220CCEDAFD8212C6B976B60D 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll2014-10-15 02:35:22 4D21F4FDF57DF86FAD9149ED1C071D15 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll2014-10-15 02:35:22 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\Sysnative\ie4uinit.exe2014-10-15 02:35:21 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe2014-10-15 02:35:21 DAF317E9F4CEC206D0D443014A427341 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll2014-10-15 02:35:21 B07E9AFF50DC007E7D5AC54736AA5A25 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll2014-10-15 02:35:21 87D14AF9A2C3F3D5233B613CFA9C321D 378552 ----a-w- C:\Windows\Sysnative\iedkcs32.dll2014-10-15 02:35:21 45B736E3184B68515FDB71D4083A9BCF 731136 ----a-w- C:\Windows\Sysnative\msfeeds.dll2014-10-15 02:35:21 0F5A279522FA6A30C9C5A297A1064933 1447936 ----a-w- C:\Windows\Sysnative\urlmon.dll2014-10-15 02:35:20 BE37AA454460539877420951EEA16EF0 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll2014-10-15 02:35:20 646C004F58AA4762F92BF7C595216C37 2108416 ----a-w- C:\Windows\Sysnative\inetcpl.cpl2014-10-15 02:35:20 050FD78BA4EFA62417F61F4C098B5B25 2796032 ----a-w- C:\Windows\Sysnative\iertutil.dll2014-10-15 02:35:20 0467A4DDA6B2CE8E27A8178BF035BA18 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll2014-10-15 02:35:19 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe2014-10-15 02:35:19 A2105E46DC9CE38A1D57FB124436E1BC 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll2014-10-15 02:35:19 98241BE7EB26C41562D33393DD12608F 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll2014-10-15 02:35:19 88D2165E07CEDC3F34CBE1A5A807673D 595968 ----a-w- C:\Windows\Sysnative\ieui.dll2014-10-15 02:35:19 7E60EE8A68F7270D1E1662CBA275D4FA 13619200 ----a-w- C:\Windows\Sysnative\ieframe.dll2014-10-15 02:35:19 70527367E5779C3537992F0768D9C59A 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll2014-10-15 02:35:18 EB710A3AF29BEC4EE7475A1ED5C575DE 195584 ----a-w- C:\Windows\Sysnative\msrating.dll2014-10-15 02:35:18 DB101A62F9BF8E7765685950169EF52B 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll2014-10-15 02:35:18 D3B07C2FABEAE749E4E51F1E93CABA23 5829632 ----a-w- C:\Windows\Sysnative\jscript9.dll2014-10-15 02:35:18 9D98D4F390F0B14A782F3B931E613A1A 2309632 ----a-w- C:\Windows\Sysnative\wininet.dll2014-10-15 02:35:18 328143D6BC5951E1797BD524C4E98CDC 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll2014-10-15 02:35:18 30FB9ABB6C45C3299CFA5F556904DD5F 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll2014-10-15 02:35:18 2E5AF1507CBE735B4D7EBFF1908EA0E1 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll2014-10-15 02:35:17 7415B29AFE2E4494A57358B8C7E78600 23631360 ----a-w- C:\Windows\Sysnative\mshtml.dll2014-10-15 02:35:17 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe2014-10-15 02:33:35 ADD3F2C3E6B89BD16D4BFC61B3658DD9 3241472 ----a-w- C:\Windows\Sysnative\msi.dll2014-10-15 02:33:31 DD7C31F12936795C0516BB6C59CBCCD8 424448 ----a-w- C:\Windows\Sysnative\rastls.dll2014-10-15 02:33:25 C23B6D9D16FD86F446BE607CA18389D9 235520 ----a-w- C:\Windows\Sysnative\winsta.dll2014-10-15 02:33:25 85E03B6E05939845BC924C91AEDE0E24 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll2014-10-15 02:33:25 8516703179C3BDE90A3ED31B9EC16F8D 1118720 ----a-w- C:\Windows\Sysnative\mstsc.exe2014-10-15 02:33:25 560CF90C026C0FE51CC6820302FF94FE 22016 ----a-w- C:\Windows\Sysnative\credssp.dll2014-10-15 02:33:25 4FC4C50985E5B840F4D72E57286887B8 681984 ----a-w- C:\Windows\Sysnative\termsrv.dll2014-10-15 02:33:25 467D0E831D6DF8DA16BF856D0537A153 3722240 ----a-w- C:\Windows\Sysnative\mstscax.dll2014-10-15 02:33:25 0374D83D003043E7DE33036294A2EFAE 150528 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll2014-10-15 02:33:16 1DB68B8A1E3BDE3C19F1D3612CE436CA 77312 ----a-w- C:\Windows\Sysnative\packager.dll====== C:\Windows\Sysnative\drivers =====2014-10-18 22:38:53 AC7E21145B9348BFC1B1DEC7BC238B3F 27256 ----a-w- C:\Windows\Sysnative\drivers\FixZeroAccess.sys2014-10-15 02:35:37 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys2014-10-15 02:35:33 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys2014-10-15 02:33:25 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys2014-10-15 02:33:25 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys====== C:\Windows\Tasks ============ C:\Windows\Temp ============= C:\Program Files ============ C:\PROGRA~2 ============ C: =========== C:\Users\Hillside3\AppData\Roaming ======2014-10-19 04:06:18 -------- d-----w- C:\Users\Sounds\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Public\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Pat&Car\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Pat&Ca\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Owner\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Help\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Geoffrey\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Emily\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Default\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Default User\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Database\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Bitmaps\AppData\Local\temp2014-10-19 04:06:18 -------- d-----w- C:\Users\Administrator\AppData\Local\temp====== C:\Users\Hillside3 ======2014-10-19 20:37:53 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Hillside3\Desktop\JRT.exe2014-10-19 20:32:46 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Hillside3\Desktop\AdwCleaner.exe2014-10-19 20:32:03 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Hillside3\Downloads\JRT.exe2014-10-19 04:06:18 -------- d-----w- C:\Users\Public\AppData ====== C: exe-files ==2014-10-19 17:52:23 68270679465EC5A66B65489C6E44AD64 11100752 ----a-w- C:\Program Files (x86)\Google\Update\Install\{AE73F646-5CE6-4111-92C9-585C4682CE0C}\38.0.2125.104_37.0.2062.124_chrome_updater.exe2014-10-19 17:52:23 68270679465EC5A66B65489C6E44AD64 11100752 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_37.0.2062.124_chrome_updater.exe2014-10-19 17:46:33 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe2014-10-19 17:46:33 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe2014-10-19 17:46:31 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe2014-10-19 17:46:21 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe2014-10-19 17:46:21 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe2014-10-19 17:46:21 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe2014-10-19 17:46:19 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe2014-10-19 17:46:15 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe2014-10-19 17:20:13 BD1764DAA1D7B303B4E44B31FB03F4C2 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$IUU4CR0.exe2014-10-19 17:20:13 3C70A41808CC19ABEF8F659E251B93EA 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$IXX34NF.exe2014-10-19 17:20:13 024F5C254E87E958C6315CB6218678B3 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$I0XNWHB.exe2014-10-19 17:17:28 53A41DD2E833F8379994D78BF5F1AEA7 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$I1FQ1MQ.exe2014-10-19 14:57:21 F89DB7363856EFF54C4E490F51ED341F 2112000 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$R1FQ1MQ.exe2014-10-19 03:09:30 C3EA49297086B1B20027649CFB436225 5583559 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$RUU4CR0.exe2014-10-18 20:58:04 CCDBAACBB8B3DB7CCA77709022393A76 127737592 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$RXX34NF.exe2014-10-18 16:27:38 0DE7C31D176F9DDEBBB052C654B9806B 3060320 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$R0XNWHB.exe2014-10-15 02:35:32 E017E313FB86FDD356D3F15A7024B4F2 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe2014-10-15 02:35:32 D5F60B28FB5F9210AD9827FEB47B1AF2 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe2014-10-15 02:35:32 B56E64D20C205B219C717496E00303D0 101888 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpconfig.exe2014-10-15 02:35:32 AC3B58FFD38D515DE923C63C2ACDFD54 102400 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpshare.exe2014-10-15 02:35:32 686A215E51F5FF66B529AF7AA940EAE3 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe2014-10-15 02:35:32 0786D45A6F41F075E20A18E2F7285BA0 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe2014-10-15 02:35:22 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe2014-10-15 02:35:22 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe2014-10-15 02:35:21 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe2014-10-15 02:35:21 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe2014-10-15 02:35:21 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2014-10-15 02:35:20 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe=== C: other files ==2014-10-19 20:38:09 FC1F36A7844235BACFE12DF3FD486026 14957 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\get.bat2014-10-19 20:38:09 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\prelim.bat2014-10-19 20:38:09 E5E1041DE1DBDDF20D704BA894BEAD05 183929 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\misc.bat2014-10-19 20:38:09 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\runvalues.bat2014-10-19 20:38:09 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\TDL4.bat2014-10-19 20:38:09 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\medfos.bat2014-10-19 20:38:09 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\surfvox.bat2014-10-19 20:38:09 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\searchlnk.bat2014-10-19 20:38:09 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\firefox.bat2014-10-19 20:38:09 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\ev_clear.bat2014-10-19 20:38:09 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\mws.bat2014-10-19 20:38:09 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\ask.bat2014-10-19 20:38:09 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\iexplore.bat2014-10-19 20:38:09 1EFD82B5DDC672FE3D2AFE731898BAF4 14044 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\chrome.bat2014-10-19 20:38:09 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Hillside3\AppData\Local\Temp\jrt\delfolders.bat2014-10-19 17:20:13 AC8DDC79E6DBAC93F811A783409129B7 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$IJAUDK5.com2014-10-18 23:31:03 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\$RECYCLE.BIN\S-1-5-21-1263235551-3185265231-852751295-1000\$RJAUDK5.com ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Windows\CurrentVersion\Run]"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe""GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe""StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun""Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe""Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe""Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe""RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe""Desktop Disc Tool"="C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe""APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""UpdatePDRShortCut"="C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\8.0""HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe""DiscWizardMonitor.exe"="C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe""SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe""iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe""GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s""DBRMTray"="C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe""Seagate Scheduler2 Service"="C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe""AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"DBRMTray"="C:\Dell\DBRM\Reminder\TrayApp.exe" ==== Startup Folders ====================== 2014-02-01 19:01:50 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk2011-10-30 15:56:37 1070 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.5.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 05:44 PM]C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000.job --a------ C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe [09/28/2014 02:44 PM]C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 10:46 AM]C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 10:46 AM]C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core.job --a------ C:\Users\Emily\AppData\LoC:al\Google\Update\GoogleUpdate.exe []C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA.job --a------ C:\Users\Emily\AppData\LoC:al\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Hillside3-PC-Hillside3" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000" [C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe]"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core" [C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA" [C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe"]"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]"C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]"C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\SymErr.exe]"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\SymErr.exe]"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn" [10/19/2014 01:49 PM][HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/01/2014 12:03 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\gpg8dfk4.default- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi ProfilePath: C:\Users\Geoffrey\AppData\Roaming\Mozilla\Firefox\Profiles\n5us4w05.default- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn ProfilePath: C:\Users\HILLSI~1\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default- Garmin Communicator - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}- DownloadHelper - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.defaultDFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave FlashE3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Hillside3\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104 ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsiikflkcanblccfahdhdonehdalibjnif - No path found[] YouTube - Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfNorton Identity Protection - Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkGoogle Wallet - Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaGmail - Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaGoogle Docs - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokakeGoogle Drive - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalfGoogle Voice Search Hotword (Beta) - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfnYouTube - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfNorton Identity Protection - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkGoogle Wallet - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaGmail - Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaGoogle Voice Search Hotword (Beta) - Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfnYouTube - Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfNorton Identity Safe - Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnifGoogle Wallet - Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaGmail - Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaDefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ==== Chromium Startpages ====================== C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Preferences"homepage": "http://www.google.com/","urls_to_restore_on_startup": [ "http://www.google.com/" ] ==== Chromium Fix ====================== C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage deleted successfullyC:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage-journal deleted successfullyC:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://my.yahoo.com/?mkg=015""Default_Search_URL"="http://srch-us4.hpwis.com/"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]@="http://www.google.com/search?q=%s"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]"SearchAssistant"="http://www.google.com/ie" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://www.google.com"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]"(Default)"="http://search.msn.com/results.asp?q=%s"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{C551CED0-A24B-4F52-AF50-0EC0A44A8A61}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"{49606DC7-976D-4030-A74E-9FB5C842FA68} Unknown Url="Not_Found"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"{C551CED0-A24B-4F52-AF50-0EC0A44A8A61} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfullyHKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfullyHKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E85CE1EACA2B95944A2C3C28202A2593 deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE1EC58E-B2AC-4959-A4C2-C38202A25239} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E85CE1EACA2B95944A2C3C28202A2593 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Emily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Geoffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Geoffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Hillside3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Hillside3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Pat&Ca\Local Settings\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Pat&Car\Local Settings\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Emily\AppData\Local\Mozilla\Firefox\Profiles\gpg8dfk4.default\Cache emptied successfullyC:\Users\Geoffrey\AppData\Local\Mozilla\Firefox\Profiles\n5us4w05.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Geoffrey\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=88 folders=34 54844581 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\temp emptied successfullyC:\Users\Bitmaps\AppData\Local\temp emptied successfullyC:\Users\Database\AppData\Local\temp emptied successfullyC:\Users\Default\AppData\Local\temp emptied successfullyC:\Users\Default User\AppData\Local\temp emptied successfullyC:\Users\Emily\AppData\Local\temp emptied successfullyC:\Users\Geoffrey\AppData\Local\temp emptied successfullyC:\Users\Help\AppData\Local\temp emptied successfullyC:\Users\Hillside3\AppData\Local\Temp will be emptied at rebootC:\Users\Owner\AppData\Local\temp emptied successfullyC:\Users\Pat&Ca\AppData\Local\temp emptied successfullyC:\Users\Pat&Car\AppData\Local\temp emptied successfullyC:\Users\Public\AppData\Local\temp emptied successfullyC:\Users\Sounds\AppData\Local\temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\HILLSI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Sun 10/19/2014 at 14:59:55.69 ====================== Link to post Share on other sites More sharing options...
Naathim Posted October 20, 2014 ID:892727 Share Posted October 20, 2014 Hi Now that's what I call a good logfile. Update me please what issues remain. Scan with Farbar Recovery Scan ToolPlease re-run Farbar Recovery Scan Tool.Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
Plumas Posted October 20, 2014 Author ID:892905 Share Posted October 20, 2014 Hi Naat: Following is the updated Farbar logfile. I will post the addition.txt in a separate post.. Best, Plumas Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014Ran by Hillside3 (administrator) on HILLSIDE3-PC on 20-10-2014 06:25:50Running from C:\Users\Hillside3\DesktopLoaded Profile: Hillside3 (Available profiles: Hillside3 & Emily & Geoffrey & Administrator)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)HKLM\...\Run: [seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [updatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)HKU\S-1-5-21-1263235551-3185265231-852751295-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)HKU\S-1-5-21-1263235551-3185265231-852751295-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.5.lnkShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.5.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKCU - DefaultScope {C551CED0-A24B-4F52-AF50-0EC0A44A8A61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {C551CED0-A24B-4F52-AF50-0EC0A44A8A61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileDPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll No FileHandler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Hillside3\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll (CANON INC.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll (CANON INC.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)FF Extension: Garmin Communicator - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]FF Extension: DownloadHelper - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]FF Extension: Easy YouTube Video Downloader - C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-12-17]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-05]FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-01]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-10-20]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Norton Confidential) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (Canon Online Photo Plugin Module) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPCIG.dll (CANON INC.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Liveu0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Profile: C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (YouTube) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]CHR Extension: (Google Search) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]CHR Extension: (Google Wallet) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Hillside3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-16] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-26] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)S3 HPx9G+; C:\Windows\System32\DRIVERS\HPx9G2k.sys [32056 2009-11-12] (Hewlett Packard Development LLC)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141017.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-20] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141019.001\ENG64.SYS [129752 2014-09-26] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141019.001\EX64.SYS [2137304 2014-09-26] (Symantec Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-17] (Symantec Corporation)R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)R3 tplh64; C:\Windows\System32\DRIVERS\tplh64.sys [508520 2012-02-21] (TP-LINK TECHNOLOGIES CO., LTD)R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-05-06] (Acronis)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 06:25 - 2014-10-20 06:26 - 00027964 _____ () C:\Users\Hillside3\Desktop\FRST.txt2014-10-20 06:25 - 2014-10-20 06:25 - 00000000 ____D () C:\Users\Hillside3\Desktop\FRST-OlderVersion2014-10-20 06:24 - 2014-10-20 06:25 - 02111488 _____ (Farbar) C:\Users\Hillside3\Desktop\FRST64.exe2014-10-19 14:55 - 2014-10-19 14:29 - 00024064 _____ () C:\Windows\zoek-delete.exe2014-10-19 14:31 - 2014-10-19 14:14 - 00002026 _____ () C:\zoek-results2014-10-19-211422.log2014-10-19 14:13 - 2014-10-19 14:59 - 00061956 _____ () C:\zoek-results.log2014-10-19 14:09 - 2014-10-19 14:52 - 00000000 ____D () C:\zoek_backup2014-10-19 13:38 - 2014-10-19 13:38 - 00000000 ____D () C:\Windows\ERUNT2014-10-19 13:34 - 2014-10-19 13:34 - 00033280 _____ () C:\Users\Hillside3\Desktop\New reply to Possible Zeroaccess Infection.msg2014-10-19 13:32 - 2014-10-19 13:32 - 01705698 _____ (Thisisu) C:\Users\Hillside3\Downloads\JRT.exe2014-10-19 12:53 - 2014-10-19 15:43 - 00000000 ____D () C:\Users\Hillside3\Documents\Family Tree2014-10-18 21:06 - 2014-10-18 21:06 - 00023125 _____ () C:\ComboFix.txt2014-10-18 20:27 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe2014-10-18 20:27 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe2014-10-18 20:27 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe2014-10-18 20:27 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe2014-10-18 20:25 - 2014-10-18 21:06 - 00000000 ____D () C:\Qoobox2014-10-18 20:23 - 2014-10-18 21:03 - 00000000 ____D () C:\Windows\erdnt2014-10-18 15:38 - 2014-10-18 15:38 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2014-10-18 15:05 - 2014-10-20 06:25 - 00000000 ____D () C:\FRST2014-10-18 12:02 - 2014-10-18 12:02 - 00023643 _____ () C:\Users\Hillside3\Documents\World Records.xlsx2014-10-18 09:56 - 2014-10-18 09:57 - 00000000 ____D () C:\NPE2014-10-14 19:35 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-14 19:35 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-14 19:35 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-14 19:35 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-14 19:35 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-14 19:35 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-14 19:35 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-14 19:35 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-14 19:35 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-14 19:35 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-14 19:35 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-14 19:35 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-14 19:35 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-14 19:35 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-14 19:35 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-14 19:35 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-14 19:35 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-14 19:35 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-14 19:35 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-14 19:35 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-14 19:35 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-14 19:35 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-14 19:35 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-14 19:35 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-14 19:35 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-14 19:35 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-14 19:35 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-14 19:35 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-14 19:35 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-14 19:35 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-14 19:35 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-14 19:35 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-14 19:35 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-14 19:35 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-14 19:35 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-14 19:35 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-14 19:35 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-14 19:35 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-14 19:35 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-14 19:35 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-14 19:35 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-14 19:35 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-14 19:35 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-14 19:35 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-14 19:35 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-14 19:35 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-14 19:35 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-14 19:35 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-14 19:35 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-14 19:35 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-14 19:35 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-14 19:35 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-14 19:35 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-14 19:35 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-14 19:35 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-14 19:35 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-14 19:35 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-14 19:35 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-14 19:35 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-14 19:35 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-14 19:35 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi2014-10-14 19:35 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi2014-10-14 19:35 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2014-10-14 19:35 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-14 19:35 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2014-10-14 19:35 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2014-10-14 19:35 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-14 19:35 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-14 19:35 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-14 19:35 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-14 19:35 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2014-10-14 19:35 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2014-10-14 19:35 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-10-14 19:35 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-10-14 19:35 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-10-14 19:35 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-10-14 19:35 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-10-14 19:35 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-14 19:35 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-14 19:35 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-14 19:35 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-14 19:35 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-14 19:35 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-14 19:35 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-14 19:35 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-14 19:35 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-14 19:35 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-14 19:35 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-14 19:35 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-14 19:35 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 19:35 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-14 19:35 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2014-10-14 19:35 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2014-10-14 19:35 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2014-10-14 19:35 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll2014-10-14 19:35 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx2014-10-14 19:35 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll2014-10-14 19:35 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2014-10-14 19:35 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-14 19:35 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-10-14 19:35 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-10-14 19:35 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-10-14 19:35 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-10-14 19:35 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-14 19:35 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-14 19:35 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-14 19:35 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-14 19:35 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-14 19:35 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-14 19:33 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-14 19:33 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-14 19:33 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 19:33 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-14 19:33 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-14 19:33 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-14 19:33 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-14 19:33 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-14 19:33 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-14 19:33 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-14 19:33 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-14 19:33 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-14 19:33 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-14 19:33 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-14 19:33 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-14 19:33 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-14 19:33 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-14 19:33 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-14 19:33 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-11 11:40 - 2014-10-11 20:48 - 00030908 _____ () C:\Users\Hillside3\Documents\Predictions.xlsx2014-10-02 18:39 - 2014-10-02 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-10-01 08:14 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 08:14 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-24 19:00 - 2014-09-24 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-09-23 13:13 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-23 13:13 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 06:22 - 2011-10-05 14:22 - 01878802 _____ () C:\Windows\WindowsUpdate.log2014-10-20 06:21 - 2014-05-24 09:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-20 06:21 - 2011-10-15 08:59 - 00000000 ____D () C:\Users\Hillside3\Documents\Outlook Files2014-10-20 06:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-20 06:19 - 2009-07-13 21:51 - 00088516 _____ () C:\Windows\setupact.log2014-10-19 18:46 - 2009-12-31 11:44 - 00000000 ____D () C:\Users\Public\Documents\PL Files2014-10-19 18:44 - 2012-04-07 17:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-19 18:25 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-19 18:25 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-19 16:51 - 2011-10-20 13:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-19 16:08 - 2014-03-04 19:12 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000.job2014-10-19 16:06 - 2013-08-15 12:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA.job2014-10-19 14:59 - 2010-11-20 20:47 - 01061372 _____ () C:\Windows\PFRO.log2014-10-19 13:53 - 2013-09-01 08:49 - 00000000 ____D () C:\AdwCleaner2014-10-19 13:11 - 2011-01-28 19:19 - 00000000 ____D () C:\Users\Hillside3\Documents\My Scans2014-10-19 10:55 - 2011-11-06 18:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-19 10:46 - 2011-10-20 13:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-19 10:46 - 2011-10-20 13:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-19 10:46 - 2011-10-20 13:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-19 09:58 - 2011-10-10 18:10 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\Adobe2014-10-18 21:58 - 2011-10-05 14:38 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk2014-10-18 21:58 - 2011-10-05 14:38 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk2014-10-18 21:06 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default2014-10-18 21:02 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini2014-10-18 21:01 - 2011-10-14 20:58 - 00000000 ____D () C:\Users\Geoffrey2014-10-18 21:01 - 2011-10-14 20:58 - 00000000 ____D () C:\Users\Emily2014-10-18 21:01 - 2011-10-10 18:07 - 00000000 ____D () C:\Users\Hillside32014-10-18 20:17 - 2012-08-17 17:48 - 00000000 ____D () C:\Users\Hillside3\Documents\Placer County Real Estate2014-10-18 16:53 - 2011-12-18 20:13 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\CrashDumps2014-10-18 15:41 - 2011-10-20 13:44 - 00000000 ____D () C:\Program Files\Google2014-10-18 15:41 - 2011-10-20 13:43 - 00000000 ____D () C:\Program Files (x86)\Google2014-10-18 15:05 - 2009-07-13 22:13 - 00871570 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-18 14:00 - 2013-05-22 13:10 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask2014-10-18 13:46 - 2012-06-08 15:57 - 00000000 ____D () C:\ProgramData\Skype2014-10-18 13:37 - 2011-10-20 13:44 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\Google2014-10-18 13:37 - 2011-10-20 13:43 - 00000000 ____D () C:\ProgramData\Google2014-10-18 10:21 - 2013-08-14 18:28 - 00000000 ____D () C:\Users\Hillside3\AppData\Local\NPE2014-10-17 20:35 - 2014-05-24 09:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-17 20:32 - 2014-05-24 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-16 22:06 - 2013-08-15 12:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core.job2014-10-15 05:25 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-10-15 04:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache2014-10-15 03:54 - 2009-07-13 21:45 - 05083544 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 03:50 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-15 03:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-10-15 03:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism2014-10-15 03:31 - 2011-10-11 17:38 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-15 03:25 - 2013-08-13 23:31 - 00000000 ____D () C:\Windows\system32\MRT2014-10-15 03:01 - 2011-10-22 12:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-13 14:23 - 2012-11-08 17:01 - 00000000 ____D () C:\Windows\Minidump2014-10-13 14:22 - 2012-11-08 17:01 - 00364455 ____N () C:\Windows\Minidump\101314-62899-01.dmp2014-10-12 11:07 - 2014-03-15 08:22 - 00056388 _____ () C:\Users\Hillside3\Desktop\Pigs.xlsx2014-10-12 08:59 - 2011-10-27 21:37 - 00007599 _____ () C:\Users\Hillside3\AppData\Local\Resmon.ResmonCfg2014-10-02 18:37 - 2014-06-26 14:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-10-02 18:37 - 2014-05-02 18:22 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk2014-10-02 18:37 - 2013-08-14 17:54 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-10-02 18:37 - 2013-08-14 17:54 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-10-01 11:11 - 2014-05-24 09:18 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-01 11:11 - 2014-05-24 09:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-01 11:11 - 2013-08-31 16:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-09-28 14:44 - 2014-03-04 19:12 - 00003628 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-10002014-09-28 13:11 - 2012-09-08 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-09-26 22:49 - 2014-01-19 16:00 - 00000000 ____D () C:\Program Files (x86)\Quicken2014-09-23 17:44 - 2012-04-07 17:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-09-23 17:44 - 2012-04-07 17:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-09-23 17:44 - 2011-10-05 14:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete:====================C:\Users\Emily\jagex_runescape_preferences.datC:\Users\Geoffrey\jagex_runescape_preferences.datC:\Users\Geoffrey\jagex_runescape_preferences2.datC:\Users\Geoffrey\mnviewer.dllC:\Users\Geoffrey\npmusicn.dllC:\Users\Geoffrey\NPSibelius.dllC:\Users\Geoffrey\PDFNetC.dllC:\Users\Geoffrey\ScorchAxPlugin.dllC:\Users\Geoffrey\unins000.datC:\Users\Geoffrey\unins000.exeC:\Users\Hillside3\jagex_runescape_preferences.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64 LastRegBack: 2014-10-06 07:32 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Plumas Posted October 20, 2014 Author ID:892907 Share Posted October 20, 2014 Naat: And here's the addition.txt... Plumas Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014Ran by Hillside3 at 2014-10-20 06:26:47Running from C:\Users\Hillside3\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAccidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.12 - Adobe Systems)Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) HiddenAleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) HiddenApple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) HiddenATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) HiddenCANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.6.0.12 - Canon Inc.)Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.2.7 - Canon Inc.)Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.2.0.10 - Canon Inc.)Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)Canon Utilities Digital Photo Professional 3.3 (HKLM-x32\...\DPP) (Version: 3.3.1.1 - Canon Inc.)Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.3.1.3 - Canon Inc.)Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.2.0.1 - Canon Inc.)Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.0.29 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2011.0104.2155.39304 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2011.0104.2155.39304 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Czech (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Danish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Dutch (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help English (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Finnish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help French (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help German (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Greek (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Hungarian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Italian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Japanese (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Korean (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Norwegian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Polish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Portuguese (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Russian (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Spanish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Swedish (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Thai (x32 Version: 2011.0104.2154.39304 - ATI) HiddenCCC Help Turkish (x32 Version: 2011.0104.2154.39304 - ATI) Hiddenccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hiddenccc-utility64 (Version: 2011.0104.2155.39304 - ATI) HiddenCitrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)CyberLink PhotoNow (x32 Version: 1.1.6622 - CyberLink Corp.) HiddenCyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3022 - CyberLink Corp.)CyberLink PowerDirector (x32 Version: 8.0.3022 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) HiddenDirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) HiddenDocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddenElevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) HiddenEPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )EPSON Photo Print (HKLM-x32\...\EPSON Photo Print) (Version: - )EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )EPSON Scanner Reference Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version: - )EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) HiddenFL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) HiddenGarmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) HiddenGarmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) HiddenGoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline)GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit (HKLM-x32\...\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit) (Version: 2.1 Build 1328 - Hewlett-Packard)HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenHPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenIL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)ImageMixer 3 SE Ver.5 Transfer Utility (HKLM-x32\...\{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}) (Version: 3.04.009 - PIXELA)ImageMixer 3 SE Ver.5 Video Tools (HKLM-x32\...\{B674F947-56D6-4793-B465-7D7C87E04D0C}) (Version: 3.04.014 - PIXELA)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenK-Lite Codec Pack 9.9.5 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )LecShare Pro 1.57 (HKLM-x32\...\LecShare Pro_is1) (Version: - LecShare, Inc.)LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) HiddenMesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)Network64 (Version: 130.0.374.000 - Hewlett-Packard) HiddenNetwork64 (Version: 140.0.221.000 - Hewlett-Packard) HiddenNorton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) HiddenQualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)Roxio Activation Module (x32 Version: 1.0 - Roxio) HiddenRoxio BackOnTrack (x32 Version: 1.3.3 - Roxio) HiddenRoxio Burn (x32 Version: 1.8 - Roxio) HiddenRoxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) HiddenRoxio Creator Starter (x32 Version: 5.0.0 - Roxio) HiddenRoxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) HiddenRoxio File Backup (Version: 1.3.2 - Roxio) HiddenScan (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddenScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )Seagate DiscWizard (HKLM-x32\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenSolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenSonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) HiddenStatus (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenToolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) HiddenWebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1263235551-3185265231-852751295-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= 18-10-2014 20:39:47 Removed Skype™ 6.1119-10-2014 21:13:38 zoek.exe restore point19-10-2014 21:31:52 zoek.exe restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2014-10-18 21:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {229E7121-7537-4D93-83AF-D90F5C1CD85B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)Task: {2ABD3E47-8DF1-4945-82C2-A0AD3A1FA7AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)Task: {3427F52E-02EA-43F3-B249-92855B0821CF} - System32\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000 => C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-09-28] (Citrix Online, a division of Citrix Systems, Inc.)Task: {3BCAD3EA-BEE1-42E7-8DD3-2EEEAFFE164E} - \DSite No Task File <==== ATTENTIONTask: {4B92C96A-AFC9-467E-A001-B51418217C7D} - System32\Tasks\AdobeAAMUpdater-1.0-Hillside3-PC-Hillside3 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)Task: {677A7A6E-45E5-495A-9B4A-7825587989BF} - \EPUpdater No Task File <==== ATTENTIONTask: {687E1845-AB78-46B9-8910-EFC7BDD82926} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)Task: {6CEE37CC-4A16-4A06-A85A-69422D7ECE6F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)Task: {74BC7D9D-4217-42B5-B971-1331C0691F2F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()Task: {752B5269-A21E-4D4D-8C58-6489BAF5316E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)Task: {7AEE7813-7F14-4AB7-A518-BAEE064DD2CA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\SymErr.exeTask: {7ED4FE94-366D-416A-9292-D87909155AA9} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {8722B436-C10B-4A3A-8010-E8D7A4613E2A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)Task: {88DE43C3-2812-4730-AD4F-3D46DA9FA13C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\SymErr.exeTask: {911C1753-BEF8-4333-AD4B-C40CD4879CA5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {996D130B-04B3-49F2-8266-B5557F8942B6} - \BrowserDefendert No Task File <==== ATTENTIONTask: {A32904F0-AF7A-4E73-A4FE-4DEAD7E76018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)Task: {B3957B46-8D97-48EA-B2BD-F5A045C2E9D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)Task: {C04202BF-3F60-4F76-96C2-91E72540168E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {C352C2F9-92FB-472F-BD0F-937DD3E2DC9F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {CB480B71-8F6B-4430-BC7C-B5626F39E0E9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1263235551-3185265231-852751295-1000.job => C:\Users\Hillside3\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003Core.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1263235551-3185265231-852751295-1003UA.job => C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-30 10:20 - 2009-04-16 19:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe2011-01-04 19:54 - 2011-01-04 19:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-08-26 14:08 - 2010-08-26 14:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2011-10-30 08:56 - 2008-09-24 22:10 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\pxl_m17n_tool.dll2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll2014-10-15 04:01 - 2014-10-15 04:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\39ff47a82cce6fab4fafee9b44846d97\IsdiInterop.ni.dll2011-10-05 14:29 - 2010-09-13 16:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Emily\Documents\luek email.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\joan henrick email.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\le.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\request letter 2.eml:OECustomPropertyAlternateDataStreams: C:\Users\Hillside3\Documents\request letter.eml:OECustomPropertyAlternateDataStreams: C:\Users\Public\Documents\Microsoft Support_ Case ID SRX1065658643.eml:OECustomPropertyAlternateDataStreams: C:\Users\Public\Documents\Public Missiles Web Order.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1263235551-3185265231-852751295-500 - Administrator - Disabled) => C:\Users\AdministratorEmily (S-1-5-21-1263235551-3185265231-852751295-1003 - Limited - Enabled) => C:\Users\EmilyGeoffrey (S-1-5-21-1263235551-3185265231-852751295-1004 - Limited - Enabled) => C:\Users\GeoffreyGuest (S-1-5-21-1263235551-3185265231-852751295-501 - Limited - Enabled)Hillside3 (S-1-5-21-1263235551-3185265231-852751295-1000 - Administrator - Enabled) => C:\Users\Hillside3HomeGroupUser$ (S-1-5-21-1263235551-3185265231-852751295-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: HPService: StillCamProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (10/20/2014 06:20:42 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 06:19:20 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 03:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 01:49:26 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (10/20/2014 06:20:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/19/2014 06:18:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/19/2014 03:00:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/19/2014 02:43:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 02:43:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 02:43:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 02:43:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 02:43:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 01:48:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office Sessions:=========================Error: (10/20/2014 06:20:42 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 06:19:20 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 03:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 01:49:26 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-10-18 21:01:23.093 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-18 21:01:23.061 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i7-2600 CPU @ 3.40GHzPercentage of memory in use: 49%Total physical RAM: 4078.45 MBAvailable physical RAM: 2046.98 MBTotal Pagefile: 8155.07 MBAvailable Pagefile: 5571.99 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1846.3 GB) (Free:1628.01 GB) NTFSDrive d: (DATAPART1) (Fixed) (Total:931.51 GB) (Free:548.73 GB) NTFSDrive k: () (Removable) (Total:14.9 GB) (Free:12.69 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C468B60B)Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 55E8C8F6)Partition 1: (Not Active) - (Size=79 MB) - (Type=DE)Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=1846.3 GB) - (Type=07 NTFS) ========================================================Disk: 6 (Size: 14.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Naathim Posted October 20, 2014 ID:893055 Share Posted October 20, 2014 Aside of what I see, I need an update on how is your machine behaving. Any strange issues? Scan with TDSSKiller Please download TDSSKiller by Kaspersky and save it to your desktop.Right-click on icon and select Run as Administrator to start the tool.Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.Your machine may appear very slow and unusable after that - it's normal.TDSSKiller will run automaticaly. Click on Change parameters and click OK.Make sure that Verify driver digital signatures & Detect TDLFS File System are marked and click OK.Click the Start Scan button and wait patiently.If anything will be found follow this guidelines:If a suspicious object is detected, the default action will be Skip, click on Continue.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. > Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. > If Cure is not available, please choose Skip instead.Do not choose Delete unless instructed!A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post. Link to post Share on other sites More sharing options...
Plumas Posted October 21, 2014 Author ID:893287 Share Posted October 21, 2014 Naat: The machine seems to be working much better. Bootup is much quicker and I no longer see lots of dllhost.exe processes starting up in task manager. The machine is also less sluggish -- when I start a program it starts right up. I also am no longer receiving lots of warnings from Malwarebytes and Norton that syswow is trying to connect to prohibited websites. So all is looking pretty good. I ran the TDSSKiller, but am getting the "post too long" error. I even tried spitting it in to three pieces, but I still get the error. Is there another way I can get it to you? Thanks again for all the help, Plumas Link to post Share on other sites More sharing options...
Plumas Posted October 21, 2014 Author ID:893298 Share Posted October 21, 2014 Naat: I also meant to add that the TDSSKiller said there were no infections found. Plumas Link to post Share on other sites More sharing options...
Naathim Posted October 21, 2014 ID:893391 Share Posted October 21, 2014 Hi Aside of no infections found, this log contains some more valuable information. Please attach it to your post. Link to post Share on other sites More sharing options...
Plumas Posted October 21, 2014 Author ID:893544 Share Posted October 21, 2014 Naat: I keep getting a "post too long error..." so I will attach the file as an attachment. Here it is... Plumas TDSSKiller.3.0.0.40_20.10.2014_17.59.04_log.txt Link to post Share on other sites More sharing options...
Naathim Posted October 21, 2014 ID:893588 Share Posted October 21, 2014 Scan with RogueKillerPlease download RogueKiller and save the file to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.Accept the Terms of use.When the Scan button becomes available, please click it. RogueKiller will start a full scan.Let this process run uninterrupted!.When finished, a Report button will become available. Click it. You will be presented with a logfile.Please include the content of this logfile in your next reply. Link to post Share on other sites More sharing options...
Plumas Posted October 22, 2014 Author ID:893967 Share Posted October 22, 2014 Hi Naat: RogueKiller was run and following is the logfile. Plumas RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Hillside3 [Administrator]Mode : Scan -- Date : 10/21/2014 18:28:41¤¤¤ Processes : 0 ¤¤¤¤¤¤ Registry : 19 ¤¤¤[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BD44437-9BAF-4D2F-83A8-A56A8B141EA4} | NameServer : 199.85.126.20,199.85.127.20 -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2BD44437-9BAF-4D2F-83A8-A56A8B141EA4} | NameServer : 199.85.126.20,199.85.127.20 -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2BD44437-9BAF-4D2F-83A8-A56A8B141EA4} | NameServer : 199.85.126.20,199.85.127.20 -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1263235551-3185265231-852751295-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found¤¤¤ Tasks : 0 ¤¤¤¤¤¤ Files : 0 ¤¤¤¤¤¤ Hosts File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost¤¤¤ Antirootkit : 34 (Driver: Loaded) ¤¤¤[iAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd5a30c0[iAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd5a4034[iAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefcec14e8[iAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefcec193c[iAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefcec15e0[iAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefcec15e0[iAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefcec193c[iAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefcec14e8[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7fefeb40680[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7fefeb39370[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7fefeb62e18[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7fefeb57490[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7fefeb52a30[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefeb5ea20[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7fefeb6bf00[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7fefeb43e90[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7fefeb38284[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7fefeb3d9d0[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7fefeb5ef20[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefeb5f1ac[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7fefeb53560[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7fefeb49980[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7fefec59440[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7fefeb58e70[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7fefeb58e20[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7fefeb51314[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefcec193c[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefcec15e0[iAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefcec14e8[iAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefcec15e0[iAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefcec14e8[iAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefcec193c[iAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\version.DLL @ 0x7fefcec1b94[iAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef9b616f0¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++--- User ---[MBR] a276e9cc21a7fb666a4f886ebaff18a2[bSP] 41f68ac8d24c18c34b72d5f141d4967c : Windows Vista/7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MBUser = LL1 ... OKUser = LL2 ... OK+++++ PhysicalDrive1: ST2000DM001-1CH164 +++++--- User ---[MBR] a9764d6a1371a462f8595fad6d35d3f6[bSP] b49fc1e549ac314ecc8a5d6992efdd3d : HP MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 79 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 163840 | Size: 17038 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35057664 | Size: 1890611 MBUser = LL1 ... OKUser = LL2 ... OK+++++ PhysicalDrive2: +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive4: Generic- SM/xD Picture USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) Link to post Share on other sites More sharing options...
Naathim Posted October 22, 2014 ID:894120 Share Posted October 22, 2014 Nothing significant in that logfile. Scan with Farbar Recovery Scan ToolPlease re-run Farbar Recovery Scan Tool.Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
Plumas Posted October 22, 2014 Author ID:894243 Share Posted October 22, 2014 Hi Naat: Farbar was run, but still comes up with a ZeroAccess error. Do you think we still have some bad stuff to fix? Files follow... Plumas Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014Ran by Hillside3 (administrator) on HILLSIDE3-PC on 22-10-2014 06:02:06Running from C:\Users\Hillside3\DesktopLoaded Profile: Hillside3 (Available profiles: Hillside3 & Emily & Geoffrey & Administrator)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)HKLM\...\Run: [seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [updatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)HKU\S-1-5-21-1263235551-3185265231-852751295-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)HKU\S-1-5-21-1263235551-3185265231-852751295-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.5.lnkShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.5.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKCU - DefaultScope {C551CED0-A24B-4F52-AF50-0EC0A44A8A61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {C551CED0-A24B-4F52-AF50-0EC0A44A8A61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS454BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileDPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll No FileHandler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{2BD44437-9BAF-4D2F-83A8-A56A8B141EA4}: [NameServer] 199.85.126.20,199.85.127.20FireFox:========FF ProfilePath: C:\Users\Hillside3\AppData\Roaming\Mozilla\Firefox\Profiles\fabf13mb.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Hillside3\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll (CANON INC.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll (CANON INC.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)FF Extension: Garmin Communicator - C:\Users\Hillside3\AppData\Roaming\Mozill
Recommended Posts