yosoy4ever Posted June 2, 2015 ID:966916 Share Posted June 2, 2015 Hello..I have not been back to this forum in awhile, but the last few days MY PC HAS GOTTEN very slow and lethargic and takes a lot of time to get to ANY website. I ran malewarebytes and found that a PUP.OPTIONAL.MINDSPARK.A seems to have infected my PC. I put the results in quarantine. I also ran SPYBOT and that seemed to find other maleware that Malewarebytes did not, e.g. CouponBar, FunWebProducts,W3i.IQ5.fraud, Casale Media, Burst Media, MediaPlex,DoubleClick. Can you please help me to get rid of all this bad stuff and help me to get my PC running at a good speed ? I await your instructions as to what I need to do. thanks, Susan Tuesday June 2, 2015 at 7:15 pm edst Link to post Share on other sites More sharing options...
Maniac Posted June 3, 2015 ID:967011 Share Posted June 3, 2015 Hello yosoy4ever! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Please follow the instructions here and then post your log files in a new reply in this thread: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
yosoy4ever Posted June 3, 2015 Author ID:967120 Share Posted June 3, 2015 Here is the frst.txt that MANIAC told me to send in ....... and I DID NOT SEE ANY ADDITION.TXT and when I searced for it it is nowhere to be found.is this possible ? Please let me know what to do to GET YOU an addition.txt if I did something wrong...thanks, Susan Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 03-06-2015 13:55:49Running from C:\Users\NewDesktop_3_2010\DownloadsLoaded Profiles: NewDesktop_3_2010 (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 9 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe(Microsoft Corporation) C:\Windows\System32\alg.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe( ) C:\Windows\System32\lxcycoms.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(Microsoft Corporation) C:\Windows\System32\Locator.exe(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe(Logitech, Inc.) C:\Windows\LockStatusTray.exe() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk [2014-01-22]ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2013-05-02]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cabDPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cabDPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabDPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cabDPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cabDPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cabDPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cabDPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CABDPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgnFF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn [2015-06-03]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-03] Chrome: =======CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]CHR Extension: (Bookmark Manager) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-21]CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-10-10]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]CHR Extension: (Skype Click to Call) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-31]CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-31]CHR Extension: (Google Wallet) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-05-31]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( )S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150602.001\IDSvia64.sys [684248 2015-05-25] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150602.039\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150602.039\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-05-21] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation)R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation)R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-10] (TuneUp Software)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 13:54 - 2015-06-03 13:54 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe2015-06-03 02:02 - 2015-06-03 02:02 - 00005864 _____ () C:\Windows\system32\cc_20150603_020213.reg2015-06-02 16:29 - 2015-06-02 16:29 - 00285335 _____ () C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150602.zip2015-06-02 08:40 - 2015-06-02 08:40 - 00003762 _____ () C:\Windows\System32\Tasks\ArcSoft Connect Daemon2015-06-02 07:28 - 2015-06-02 15:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2015-06-02 07:28 - 2015-06-02 07:28 - 00001280 _____ () C:\Users\NewDesktop_3_2010\Desktop\Spybot - Search & Destroy.lnk2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy2015-06-02 07:26 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162 (1).exe2015-06-02 07:25 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162.exe2015-05-31 15:55 - 2015-06-03 13:47 - 00103516 _____ () C:\Windows\WindowsUpdate.log2015-05-31 15:54 - 2015-05-31 15:54 - 00081320 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\GDIPFONTCACHEV1.DAT2015-05-31 15:48 - 2015-05-31 15:50 - 00000000 ____D () C:\AdwCleaner2015-05-31 15:42 - 2015-05-31 15:42 - 02223104 _____ () C:\Users\NewDesktop_3_2010\Downloads\adwcleaner_4.205.exe2015-05-28 16:51 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys2015-05-28 16:35 - 2015-05-28 16:35 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{A7EDB781-4C87-4C1B-93B8-2BC47871B562}2015-05-28 15:17 - 2015-05-28 15:17 - 00015139 _____ () C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP (1).zip2015-05-26 16:57 - 2015-05-26 16:57 - 06549184 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe2015-05-25 11:09 - 2015-05-25 11:09 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{E71D18C5-71DF-4AA7-B428-39CD7A2DDBA3}2015-05-24 23:08 - 2015-05-24 23:08 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{D144978D-3187-4479-A82C-ADB43C10113B}2015-05-24 11:07 - 2015-05-24 11:07 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{235E64BE-D04A-44C3-836C-0CBCE003941D}2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{BB63F625-D151-49FB-9016-0F7E181DCFDB}2015-05-23 11:06 - 2015-05-23 11:06 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{1DF7316D-01C3-433D-9C80-684FF104037A}2015-05-23 10:33 - 2015-05-23 10:33 - 00048637 _____ () C:\Users\NewDesktop_3_2010\FABAR JAN 8 2015 SECOND RUN.txt2015-05-23 10:32 - 2015-05-23 10:32 - 00050836 _____ () C:\Users\NewDesktop_3_2010\FABAR JAN 8 2015 FIRST RUN.txt2015-05-23 10:31 - 2015-05-23 10:31 - 00001040 _____ () C:\Users\NewDesktop_3_2010\fixlist.txt2015-05-22 15:10 - 2015-05-22 15:10 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-igxRSQcK.exe2015-05-22 15:09 - 2015-05-22 15:09 - 00000000 ____D () C:\Program Files (x86)\Valassis2015-05-22 15:06 - 2015-05-22 15:06 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-VZqT1rla.exe2015-05-21 21:16 - 2015-05-21 21:16 - 00022839 _____ () C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO.html2015-05-21 21:16 - 2015-05-21 21:16 - 00000000 ____D () C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO_files2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe2015-05-21 16:32 - 2015-05-21 16:32 - 00001088 _____ () C:\Users\Public\Desktop\OneSuite Phone.lnk2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSuite2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D () C:\Program Files (x86)\OneSuite2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup.exe2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup (1).exe2015-05-21 13:22 - 2015-05-21 13:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security2015-05-21 13:18 - 2015-05-21 13:18 - 00003216 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2015-05-21 13:17 - 2015-05-21 13:17 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS2015-05-21 13:17 - 2015-05-21 13:17 - 00008214 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT2015-05-21 13:17 - 2015-05-21 13:17 - 00002470 _____ () C:\Users\Public\Desktop\Norton Security.lnk2015-05-21 13:17 - 2015-05-21 13:17 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared2015-05-21 13:15 - 2015-05-21 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D () C:\Windows\system32\Drivers\NSx642015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D () C:\Program Files (x86)\Norton Security2015-05-21 12:56 - 2015-05-21 13:02 - 01445376 _____ () C:\Users\NewDesktop_3_2010\Desktop\ID Safe BackUp.DAT2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (24).exe2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (23).exe2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (22).exe2015-05-21 10:19 - 2015-05-21 10:36 - 00001046 _____ () C:\Users\NewDesktop_3_2010\Downloads\transcript.txt2015-05-18 14:20 - 2015-05-18 14:20 - 00015139 _____ () C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP.zip2015-05-16 14:05 - 2015-05-16 14:05 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{ADE026BA-C1E9-460A-A563-849768108DA5}2015-05-13 03:03 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-05-13 03:03 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-05-13 00:46 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-05-13 00:46 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-05-13 00:46 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-05-13 00:46 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-05-13 00:46 - 2015-04-10 12:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-05-13 00:46 - 2015-04-10 12:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-05-13 00:46 - 2015-04-10 12:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-05-13 00:46 - 2015-04-10 12:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-05-13 00:46 - 2015-04-10 12:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-05-13 00:46 - 2015-04-10 12:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-05-13 00:46 - 2015-04-10 12:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-05-13 00:46 - 2015-04-10 12:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-05-13 00:46 - 2015-04-10 12:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-05-13 00:46 - 2015-04-10 12:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-05-13 00:46 - 2015-04-10 12:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2015-05-13 00:46 - 2015-04-10 12:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-05-13 00:46 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-05-13 00:46 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-05-13 00:46 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-05-13 00:46 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-05-13 00:46 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-05-13 00:46 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-05-13 00:46 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-05-13 00:46 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-05-13 00:46 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-05-13 00:46 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-05-13 00:46 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2015-05-13 00:46 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2015-05-13 00:45 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-05-13 00:45 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-05-13 00:45 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-05-13 00:45 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-05-13 00:45 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll2015-05-13 00:45 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-05-13 00:45 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe2015-05-13 00:45 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-05-13 00:45 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-05-13 00:45 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-05-13 00:45 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-05-13 00:45 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2015-05-13 00:45 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-05-13 00:45 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-05-13 00:45 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-05-13 00:45 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-05-13 00:45 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-05-13 00:45 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-05-13 00:45 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe2015-05-13 00:45 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-05-13 00:45 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll2015-05-13 00:45 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-05-13 00:45 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-05-13 00:45 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-05-13 00:45 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe2015-05-13 00:44 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-05-13 00:44 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-05-13 00:44 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-05-13 00:44 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-05-13 00:44 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-05-13 00:44 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-05-13 00:44 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-05-13 00:44 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2015-05-13 00:44 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2015-05-13 00:44 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe2015-05-13 00:44 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe2015-05-13 00:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll2015-05-13 00:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll2015-05-13 00:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe2015-05-13 00:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll2015-05-13 00:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll2015-05-13 00:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll2015-05-13 00:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe2015-05-12 18:17 - 2015-05-12 18:17 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (16).exe2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (15).exe2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (14).exe2015-05-12 12:52 - 2015-05-12 12:53 - 00003684 _____ () C:\Users\NewDesktop_3_2010\Downloads\OPTIONSHOUSE_2015_TRANSACTIONS_AccountHistoryReport.csv2015-05-12 12:28 - 2015-05-12 12:29 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\Garmin_Ltd._or_its_subsid2015-05-12 12:26 - 2015-05-12 12:26 - 00003554 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask2015-05-12 12:26 - 2015-05-12 12:26 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk2015-05-12 12:26 - 2015-05-12 12:26 - 00000000 ____D () C:\ProgramData\Garmin2015-05-12 12:21 - 2015-05-12 12:22 - 41023360 _____ (Garmin Ltd or its subsidiaries) C:\Users\NewDesktop_3_2010\Downloads\GarminExpress.exe2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ () C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport.csv2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ () C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport (1).csv2015-05-08 08:29 - 2015-05-08 08:29 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-HzwVgEwY.exe2015-05-07 20:13 - 2015-05-07 20:13 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-vSkdxTR1.exe2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (5).exe2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (4).exe2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (3).exe2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (2).exe2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (1).exe2015-05-06 19:57 - 2015-05-06 19:57 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64.exe2015-05-04 17:44 - 2015-05-04 17:44 - 02811464 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\CouponPrinterCPS (3).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 13:55 - 2014-02-19 11:46 - 00000000 ____D () C:\FRST2015-06-03 13:55 - 2014-02-18 14:54 - 00026043 _____ () C:\Users\NewDesktop_3_2010\Downloads\FRST.txt2015-06-03 13:48 - 2013-05-02 14:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-06-03 13:48 - 2011-02-21 11:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-06-03 13:48 - 2011-02-21 11:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-06-03 13:26 - 2014-10-12 11:57 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job2015-06-03 12:35 - 2010-04-07 08:42 - 09903104 ____R () C:\Users\Public\Documents\ESBK.mbb2015-06-03 12:35 - 2010-04-07 08:42 - 04922368 ____R () C:\Users\Public\Documents\ESBK.mb2015-06-03 11:26 - 2014-10-12 11:57 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job2015-06-03 09:26 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-06-03 09:26 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-06-03 09:23 - 2015-01-25 18:38 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job2015-06-03 09:23 - 2013-10-28 09:48 - 00000095 _____ () C:\Users\NewDesktop_3_2010\.accessibility.properties2015-06-03 09:23 - 2010-03-16 21:13 - 00000000 ____D () C:\Users\NewDesktop_3_20102015-06-03 09:23 - 2010-03-15 22:23 - 00000000 ____D () C:\ProgramData\TEMP2015-06-03 09:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-06-02 18:00 - 2012-11-07 15:21 - 00000490 _____ () C:\Windows\Tasks\ParetoLogic Registration.job2015-06-02 11:16 - 2015-01-25 18:44 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 162015-06-02 08:39 - 2013-02-02 13:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler2015-06-02 08:39 - 2013-01-26 13:59 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program2015-06-02 07:54 - 2013-01-26 13:41 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 20122015-06-02 03:00 - 2015-02-10 12:23 - 00000354 _____ () C:\Windows\Tasks\SpeedDiskSchedule.job2015-06-01 19:59 - 2014-12-28 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-05-31 19:22 - 2012-12-17 21:57 - 00004002 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EC003F4-3A64-4D9A-B092-891289AE3404}2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-31 08:58 - 2015-02-25 16:38 - 00000306 _____ () C:\Windows\Tasks\NUSchedule.job2015-05-31 08:58 - 2015-01-25 20:00 - 00074710 _____ () C:\Windows\SysWOW64\AppLog.log2015-05-27 09:18 - 2014-05-31 13:20 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-05-27 08:49 - 2009-07-13 22:34 - 87031808 _____ () C:\Windows\system32\config\software.rmbak2015-05-27 08:49 - 2009-07-13 22:34 - 00532480 _____ () C:\Windows\system32\config\default.rmbak2015-05-27 08:35 - 2015-03-14 09:52 - 01093632 _____ () C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr2015-05-27 08:35 - 2014-01-22 17:11 - 00000000 ____D () C:\Users\Administrator2015-05-26 16:59 - 2013-05-03 11:55 - 00000000 ____D () C:\Program Files\CCleaner2015-05-25 17:16 - 2010-04-24 09:40 - 00000424 _____ () C:\Windows\Tasks\EasyShare Registration Task.job2015-05-22 19:06 - 2012-02-09 18:00 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D () C:\ProgramData\Norton2015-05-21 13:13 - 2012-02-11 19:10 - 00001309 _____ () C:\Users\NewDesktop_3_2010\Desktop\Norton Installation Files.lnk2015-05-21 13:13 - 2010-03-15 22:09 - 00000000 ____D () C:\Users\Public\Downloads\Norton2015-05-18 08:51 - 2013-05-14 14:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2015-05-16 14:08 - 2009-07-14 01:13 - 00862872 _____ () C:\Windows\system32\PerfStringBackup.INI2015-05-16 13:43 - 2011-02-21 11:35 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-16 13:43 - 2011-02-21 11:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-15 11:21 - 2014-10-12 11:57 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA2015-05-15 11:21 - 2014-10-12 11:57 - 00003554 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core2015-05-13 04:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2015-05-13 03:49 - 2009-07-14 00:45 - 00340480 _____ () C:\Windows\system32\FNTCACHE.DAT2015-05-13 03:44 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal2015-05-13 03:20 - 2013-08-08 12:56 - 00000000 ____D () C:\Windows\system32\MRT2015-05-13 03:08 - 2010-04-15 07:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-05-13 03:03 - 2013-04-04 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-05-12 12:28 - 2013-01-26 12:49 - 00000000 ____D () C:\Program Files\DIFX2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Roaming\Garmin2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D () C:\Program Files (x86)\Garmin2015-05-12 12:26 - 2013-01-26 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin2015-05-12 12:25 - 2012-11-20 23:32 - 00000000 ____D () C:\ProgramData\Package Cache2015-05-06 19:59 - 2014-08-25 12:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2015-05-06 19:59 - 2014-08-25 12:24 - 00000000 ____D () C:\Program Files\Java2015-05-06 19:53 - 2013-10-28 01:46 - 00000000 ____D () C:\ProgramData\Oracle2015-05-06 19:52 - 2010-03-10 06:11 - 00000000 ____D () C:\Program Files (x86)\Java2015-05-06 19:49 - 2015-04-13 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-05-06 19:39 - 2011-11-29 09:56 - 00002037 _____ () C:\Users\NewDesktop_3_2010\Desktop\E-TRADE Pro.lnk ==================== Files in the root of some directories ======= 2010-03-17 18:43 - 2015-04-14 20:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat2014-05-25 01:04 - 2014-05-25 01:04 - 0893239 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\a.zip2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll2013-12-13 08:35 - 2013-12-13 08:36 - 0007605 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg2011-10-16 14:03 - 2011-10-16 14:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F}2011-08-10 22:57 - 2011-08-10 22:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD}2012-04-11 18:44 - 2012-04-13 09:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 00:21 ==================== End of log ============================ Link to post Share on other sites More sharing options...
yosoy4ever Posted June 3, 2015 Author ID:967122 Share Posted June 3, 2015 I finally found an addition.txt in my NOTEPAD, but it seems to be an OLD ONE that I think I ran back in January, 2015 when I had ANOTHER maleware problem ? Here it is below, let me know what to do or if I should re-run FABAR. thanks, Susan Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2015 Ran by NewDesktop_3_2010 at 2015-01-10 11:43:07 Running from C:\Users\NewDesktop_3_2010\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AirDroid 3.0.2 (HKLM-x32\...\AirDroid) (Version: 3.0.2 - Sand Studio) Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft) Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant) CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell) Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc) EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.) Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET) IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - ) IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - ) IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech) Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company) Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - ) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony) Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony) Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation) Norton Utilities (HKLM-x32\...\Norton Utilities_is1) (Version: 14.5 - Symantec Corporation) novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland) OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden OneSuite Phone version 1.0.8.21 (HKLM-x32\...\{247969F9-4B17-47DB-9CDA-457D28BFAD9F}_is1) (Version: 1.0.8.21 - OneSuite Corporation) oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - ) P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.) Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - ) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio) SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.200 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - ) TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc) TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax Deluxe 2004 (HKLM-x32\...\TurboTax Deluxe 2004) (Version: - ) TurboTax Deluxe 2005 (HKLM-x32\...\TurboTax Deluxe 2005) (Version: - ) TurboTax Deluxe 2007 (HKLM-x32\...\TurboTax Deluxe 2007) (Version: - ) TurboTax Deluxe Deduction Maximizer 2006 (HKLM-x32\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - ) TurboTax ItsDeductible 2006 (HKLM-x32\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit) Twacker 64 (HKLM\...\{1220ED8B-4383-4AD8-8C8D-B39801DF58D3}) (Version: 2.0.1 - TWAIN Working Group) VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team) VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - ) Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - ) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2015-01-09 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06F5D0B8-77C6-496E-A8DD-BA6AE1253074} - System32\Tasks\{DD15EFC9-E0FB-4407-A27B-54FBD802206A} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] () Task: {0AD636A0-9C90-4384-906A-349CE863D196} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 Task: {0B03CE8B-3380-4915-9413-0046E46F555A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {0DFB4D9D-2E37-4739-8DD5-D43D9F22C74F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {0F49EE9C-82AC-4750-8A30-A5FAB7442C04} - System32\Tasks\{2FFC9F47-8A84-47C8-946F-AD71D943D5EC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {19E33B81-6AC6-4F07-9F28-ABA930F5FC35} - System32\Tasks\{5D16388E-0F47-4E8B-8A3A-083704D8F977} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] () Task: {1DC2812C-13DF-43D6-B9A7-773FB601E505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.) Task: {2063A408-5C3D-4C82-99F8-0A407883B2A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-07] (AVAST Software) Task: {21B4C4CF-7E9A-4918-9478-9B06D65E9A64} - System32\Tasks\{2F2DD988-9046-4D6D-A6AF-367DB9F1B4B6} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.) Task: {2581E4DA-73FB-46CA-8CFF-E91223896777} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software) Task: {287EEC02-1DED-4B6B-BA15-DBFF56C8E754} - System32\Tasks\{39CE76CA-A8D9-4BC9-8BBC-6BD235E4B3EF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {2EA72069-9960-49C4-8E8A-0F7E8947ABA6} - System32\Tasks\{72CA87D4-B7D0-4568-8D70-4FB453AA42BA} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exe Task: {2F6F4E97-72DC-4266-8006-19A1D865457C} - System32\Tasks\DISK CLEANUP => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation) Task: {32AE6E00-7117-499B-9DDA-DAF3A82050EE} - System32\Tasks\{E44CB91F-1D82-4E8F-85B1-E42E2C911234} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {3806A751-7493-4193-A4B8-B05FFAF16BDF} - System32\Tasks\{200D7197-5970-4169-A4F3-F345CC8452FB} => pcalua.exe -a C:\Users\NewDesktop_3_2010\Desktop\install_easyshare.exe -d C:\Users\NewDesktop_3_2010\Desktop Task: {38BA02C0-C315-4737-B404-D388038D7622} - System32\Tasks\{AE0BB1A0-72F0-4E38-8C04-8031AB99F902} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe Task: {3E0EE7E3-7FD4-43C0-8BA1-8822E3EB9C17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.) Task: {4032A799-6ED8-42CA-B6A6-BFD792409F4E} - System32\Tasks\{052C4A68-22BF-4B73-9BC4-5F9A88CB2208} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3JPRFZF\20110310-003-i32[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {41E247AE-5646-4A06-82ED-9DB10B5186F9} - System32\Tasks\{F4F698A3-415F-418C-B509-0727AECB6579} => C:\Windows\twain_32\escndv\escndv.exe Task: {447A36C9-50C2-4E45-AED0-44F74C90E5D7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation) Task: {44E9F06F-CE1F-4A35-8FF9-CE17EE1DFCE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {59939E4C-4ED7-4842-9E97-7C96A4F9A7FF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5D5D921F-7BC2-4D8F-B928-428075DBCB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.) Task: {77C9B7B4-7E6C-4378-9FBB-818D7293373B} - System32\Tasks\Google Updater and Installer => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.) Task: {7BE14C5D-CBAE-4BFF-B406-31E9D1D134F1} - System32\Tasks\{E96EC095-071A-4865-8584-154D5CA9663C} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZEBFJTN\PDFConverterSetup[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {7DA37FC9-4B70-4104-9E19-C3AA226BCAE4} - System32\Tasks\{F9A1CC91-BCF5-493A-8B79-52B1A3A885B3} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe Task: {811A7948-DF59-423C-A413-7597730A68BF} - System32\Tasks\{5B812AEE-82E3-44F3-B113-A31078F9ADF7} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ95BZHL\etradePro[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {82BC76BD-17D4-4580-BD21-3AC019CF5D6B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {867962EE-E055-4A07-92D4-289291D69FED} - System32\Tasks\{3EE07BC5-6785-43D6-8C29-988C7713618C} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools) Task: {86BFC80C-CB31-4814-BC14-8CBAB5379F6B} - System32\Tasks\{FBBF8DFB-200C-4CE7-8343-A982E2F3C5E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe [2010-08-12] (Symantec Corporation) Task: {8B5FA416-CD44-4E29-AD31-DE8CBBA8C7B3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation) Task: {8D39C46A-0D4E-4FC3-BCFE-FFC04B4DB97F} - System32\Tasks\{4870BE4F-5098-405E-A2E6-4BA94B64623B} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.) Task: {92E2BE4F-5661-41CE-9125-6D0350DC68C2} - System32\Tasks\{82BBECFE-07EA-42FB-BC0F-41C21A4EAA7C} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe Task: {96A0F7C6-E7D4-4FBA-9E6A-DD565F1F112C} - System32\Tasks\{9C7F4169-49BC-4208-AC96-59EA3C25081F} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_1f8b2f\Setup.exe -c /APR-REMOVE Task: {9D0456E8-8F92-44EF-BE22-0C09B05C982B} - System32\Tasks\{8096403C-ECD0-4C43-9BB6-44373E694CAE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {AAE95569-8449-4921-B7F1-B6765939C851} - System32\Tasks\CHECK DISK => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation) Task: {AC00C3D9-0B84-44FE-8774-00330C4E1FC0} - System32\Tasks\{9836EE3C-E0D8-4292-B783-FB7C4CE84C52} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe" Task: {ACF7FB82-2298-4377-AF18-AC3DEEA4002F} - System32\Tasks\{0F75C653-2955-4F67-9A71-54A93DE4AFD0} => pcalua.exe -a C:\lexmark\drivers\3400\Setup.exe -d C:\lexmark\drivers\3400 Task: {AF43C1AD-5FB4-433A-A577-D9B02EC74D58} - System32\Tasks\{12BD2777-6770-4212-8E63-CD3A721F3F2F} => C:\Windows\twain_32\escndv\escndv.exe Task: {AF7EF77C-3273-4B57-9637-ED0C047F58E4} - System32\Tasks\{A3285852-6708-457A-8B6F-8ABF8468183D} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools) Task: {B484C23B-0289-480A-9B06-EC31C82B050B} - System32\Tasks\{E8619932-F191-4511-8042-210B0625E57B} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {B985710A-B0D4-4664-97B0-E916BD97E214} - System32\Tasks\{12A10945-3A63-456C-95FC-D7B2779E39B2} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R220849.zip\Setup.exe Task: {B9E16D06-6528-4388-A08E-C5FDFC6061DC} - System32\Tasks\{86CE0476-35FA-4F34-8AEC-DF3B82128371} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools) Task: {C0AAA828-2535-4174-9B99-5FC7AF4E6EE1} - System32\Tasks\{AB9D1BE6-0D13-459D-B61A-0368B050C8E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe [2010-08-12] (Symantec Corporation) Task: {CA810F46-882E-43B4-8862-68C81B5BF193} - System32\Tasks\{D5A3ED5D-AA7F-4185-A839-051111E9D5E9} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALLYR477\epson12958[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {CC3FC713-2C39-42DA-9B52-02A86F3BFCB3} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns Task: {D8C739D3-6AC8-4D2D-912B-A2D53425EB69} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation) Task: {E4E16228-5003-401C-892B-B63366A8968E} - System32\Tasks\{718BCC9E-6280-4FCF-B879-6DB95E977DE4} => C:\Windows\twain_32\escndv\escndv.exe Task: {EF4862E3-615E-48EE-B09C-C8B3650C2076} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-28] (Adobe Systems Incorporated) Task: {F3BE70BA-488A-4ECA-924D-3375E9705395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.) Task: {F5A602B7-9464-4497-A394-A700D16FCC3C} - System32\Tasks\{E3391F16-6964-49A8-930A-03BBC6384DEF} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\EasyShare Registration Task.job => ßåFï˜L‡oãµáFv< sÀ €!ßÅ!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16NewDesktop_3_20180Þ Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll ==================== Loaded Modules (whitelisted) ============= 2014-01-22 16:44 - 2006-11-27 03:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll 2013-11-28 14:04 - 2013-11-24 12:56 - 03139072 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2010-07-26 12:24 - 2010-07-26 12:24 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe 2015-01-09 16:01 - 2015-01-09 16:01 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010901\algo.dll 2015-01-10 05:16 - 2015-01-10 05:16 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll 2010-03-23 18:33 - 2010-03-23 18:33 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll 2010-03-23 18:50 - 2010-03-23 18:50 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2010-03-27 14:36 - 2010-03-27 14:36 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll 2010-03-27 14:36 - 2010-03-27 14:36 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2014-04-07 19:59 - 2014-04-07 19:59 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2013-06-18 08:30 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll 2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll 2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll 2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll 2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll 2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll 2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll 2010-10-29 15:01 - 2010-10-29 15:01 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll 2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll 2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll 2010-10-29 15:02 - 2010-10-29 15:02 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll 2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll 2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll 2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll 2015-01-07 13:40 - 2015-01-07 13:40 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-12-12 06:50 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 06:50 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2010-07-26 12:25 - 2010-07-26 12:25 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll 2010-07-26 12:25 - 2010-07-26 12:25 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2010-04-05 13:52 - 2010-04-05 13:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL 2015-01-06 15:43 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2015-01-06 15:43 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2011-02-23 16:24 - 2011-02-23 16:24 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll 2011-02-23 16:23 - 2011-02-23 16:23 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll 2011-02-23 16:21 - 2011-02-23 16:21 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll 2011-02-23 16:19 - 2011-02-23 16:19 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll 2011-02-23 16:38 - 2011-02-23 16:38 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx 2011-02-23 16:15 - 2011-02-23 16:15 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll 2010-01-27 09:28 - 2010-04-24 08:47 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx 2010-01-27 08:43 - 2010-04-24 08:47 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll 2006-03-07 09:05 - 2010-04-24 08:47 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll 2011-02-23 16:37 - 2011-02-23 16:37 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx 2011-02-23 16:17 - 2011-02-23 16:17 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx 2011-02-23 17:00 - 2011-02-23 17:00 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx 2011-02-23 16:24 - 2011-02-23 16:24 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll 2011-02-23 16:15 - 2011-02-23 16:15 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll 2011-02-23 17:55 - 2011-02-23 17:55 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx 2009-09-28 20:19 - 2010-04-24 08:47 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll 2009-09-28 20:19 - 2010-04-24 08:47 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll 2009-09-28 20:20 - 2010-04-24 08:47 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll 2009-09-28 20:19 - 2010-04-24 08:47 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll 2009-09-28 20:21 - 2010-04-24 08:47 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll 2009-09-28 20:20 - 2010-04-24 08:47 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll 2009-09-28 20:21 - 2010-04-24 08:47 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll 2009-09-28 20:21 - 2010-04-24 08:47 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll 2010-01-27 09:54 - 2010-04-24 08:47 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx 2010-01-27 09:18 - 2010-04-24 08:47 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll 2011-02-23 16:36 - 2011-02-23 16:36 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll 2011-02-23 16:15 - 2011-02-23 16:15 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx 2011-02-23 14:25 - 2011-02-23 14:25 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll 2011-02-23 18:02 - 2011-02-23 18:02 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx 2011-02-23 17:01 - 2011-02-23 17:01 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx 2010-01-27 10:01 - 2010-04-24 08:47 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx 2011-02-23 16:55 - 2011-02-23 16:55 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll 2011-02-23 18:00 - 2011-02-23 18:00 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll 2011-02-23 16:16 - 2011-02-23 16:16 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll 2013-10-06 11:26 - 2013-10-06 11:26 - 00442368 _____ () C:\Windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.1.7323.4563__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll 2014-12-12 06:50 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:D287FACF AlternateDataStreams: C:\Users\NewDesktop_3_2010\Downloads\Microsoft..how did I get this SPAM on my email -----FW Dear yosoy4ever Your second chance in life just arrived.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: NIS => 2 MSCONFIG\Services: SeagateDashboardService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: sprtsvc_DellSupportCenter => 2 MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start MSCONFIG\startupreg: ANIWZCS2Service => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe MSCONFIG\startupreg: DellSystemDetect => C:\Users\NewDesktop_3_2010\AppData\Local\Apps\2.0\T8MZ2MDX.M6Y\TCMN94HH.7XT\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe" MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui ========================= Accounts: ========================== Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled) NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (01/10/2015 00:00:08 AM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031). Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine GetProviderMgmtInterface. hr = 0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation. . Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/09/2015 04:49:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AcroRd32.exe, version: 11.0.10.32, time stamp: 0x547e9779 Faulting module name: IA32.api_unloaded, version: 0.0.0.0, time stamp: 0x547e960b Exception code: 0xc0000005 Fault offset: 0x74556d28 Faulting process id: 0x2a4 Faulting application start time: 0xAcroRd32.exe0 Faulting application path: AcroRd32.exe1 Faulting module path: AcroRd32.exe2 Report Id: AcroRd32.exe3 Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/09/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8 Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8 Exception code: 0x40000015 Fault offset: 0x0008d1c0 Faulting process id: 0x1ba8 Faulting application start time: 0xPEV.exe0 Faulting application path: PEV.exe1 Faulting module path: PEV.exe2 Report Id: PEV.exe3 System errors: ============= Error: (01/09/2015 06:09:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: %%1058 Error: (01/09/2015 06:09:16 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (01/09/2015 06:04:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/09/2015 04:54:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: %%1058 Error: (01/09/2015 04:51:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: %%1058 Error: (01/09/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (01/09/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s). Error: (01/09/2015 04:36:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/09/2015 04:36:38 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/09/2015 04:30:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions: ========================= Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (01/10/2015 00:00:08 AM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031) Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 8193) (User: ) Description: GetProviderMgmtInterface0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation. Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/09/2015 04:49:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe11.0.10.32547e9779IA32.api_unloaded0.0.0.0547e960bc000000574556d282a401d02c561de27b92C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeIA32.api64b6fe36-9849-11e4-accb-00256400cdd2 Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe Error: (01/09/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PEV.exe0.0.0.04e06cfe8PEV.exe0.0.0.04e06cfe8400000150008d1c01ba801d02c52552ca979C:\ComboFix\PEV.exeC:\ComboFix\PEV.exe94ebd817-9845-11e4-accb-00256400cdd2 CodeIntegrity Errors: =================================== Date: 2015-01-09 16:27:39.328 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-09 16:27:39.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.370 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.198 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:11.185 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:10.967 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU 450 @ 2.20GHz Percentage of memory in use: 77% Total physical RAM: 4061.05 MB Available physical RAM: 905.55 MB Total Pagefile: 8120.29 MB Available Pagefile: 3420.55 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:587.51 GB) (Free:530.32 GB) NTFS Drive e: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:7.12 GB) FAT32 Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:901.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 58000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=587.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.2 GB) (Disk ID: 41AA157C) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: E3FD5F1D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted June 5, 2015 ID:967443 Share Posted June 5, 2015 Did you recognize these files? 2015-05-08 08:29 - 2015-05-08 08:29 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-HzwVgEwY.exe 2015-05-07 20:13 - 2015-05-07 20:13 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-vSkdxTR1.exe Step 1 I notice that you are using more than one antivirus program.Avast Free AntivirusNorton Internet SecurityThis is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them. I recommend you to keep Norton Internet Security. When you are ready, reboot your system. Step 2 I saw some remnants from McAfee product. Please follow the instrutions from 2. Download and run the McAfee Consumer Product Removal (MCPR) tool: https://service.mcafee.com/FAQDocument.aspx?id=TS101331 Step 3 Please update Malwarebytes Anti-Malware and perform a threat scan. Post the log file in your next reply here. Step 4 Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. In your next reply, post the following log files:Malwarebytes' Anti-Malware logfixlog logfixlist.txt Link to post Share on other sites More sharing options...
yosoy4ever Posted June 5, 2015 Author ID:967491 Share Posted June 5, 2015 Maniac...I am not sure you READ what I wrote above AND LOOKED AT THE DATE of the addition.txt file - is is BACK IN JANUARY, 2015 - when I had another maleware attack and got someone from the malewarebytes forum to help me FIX IT THEN I checked my c: drive and DO NOT FIND ANY AVAST OR McAFEE on my PC....they USE to be there, but are NO LONGER - so I CANNOT PERFORM STEPS one and two above. As regards to step 3 - I am currently running the malewarebytes threat scan AND WILL SEND YOU THE RESULTS IN ANOTHER REPLY WHEN IT IS COMPLETED - but when I did this the first time, that is when I found the PUP.Optional.Mindspark.A maleware and put it in QUARANTINE...when I ran a follow up Malewarebytes scan..it said all clear and nothing detected. My PC was still very slow and getting slower, so that is why I ran the SPYBOT and found ADDITIONAL maleware on my PC AND THAT IS WHEN I CONTACTED YOU. All this info was in what I wrote you above....so...........I have NOT performed Step 4 as you directed above, as I am not certain that what is in there AND "written specifically for my PC" - may screw up my PC even more if you are looking at my OLD addition.txt file. So please get back to me ASAP and tell me what to do NOW, AS MY PC IS STILL VERY SLOW and I am not certain that the malewarebytes scan is showing ALL THAT IS WRONG AND INFECTING MY PC. thank you. Susan Friday June 5, 2015 at 12:18 pm edst Link to post Share on other sites More sharing options...
yosoy4ever Posted June 5, 2015 Author ID:967524 Share Posted June 5, 2015 Maniac: I went into my NOTEPAD and found "several files that were remnants of former Malewarebytes tech reps work" on ridding my PC of maleware back in 2013 and 2014 and 2015 and were NEVER REMOVED from the notepad - and realized THIS is why the addition.txt dated back to January, 2015 - so I deleted all these files from the NOTEPAD and ran FABAR again. Here is what was generated on this NEW scan - FRST.txt first: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 05-06-2015 16:06:25 Running from C:\Users\NewDesktop_3_2010\Downloads Loaded Profiles: NewDesktop_3_2010 (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe ( ) C:\Windows\System32\lxcycoms.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe (PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Logitech, Inc.) C:\Windows\LockStatusTray.exe () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (5).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.) HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation) HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1 Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk [2014-01-22] ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2013-05-02] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/ SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation) DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn [2015-06-05] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-05] Chrome: ======= CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31] CHR Extension: (Bookmark Manager) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20] CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-21] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (Skype Click to Call) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-31] CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-31] CHR Extension: (Google Wallet) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26] CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-05-31] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation) R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( ) R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( ) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation) R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools) S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation) R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150604.001\IDSvia64.sys [684248 2015-05-25] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150604.032\ENG64.SYS [129752 2014-11-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150604.032\EX64.SYS [2137304 2014-11-15] (Symantec Corporation) S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.) R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed] R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-05-21] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-10] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 16:06 - 2015-06-05 16:06 - 00026244 _____ C:\Users\NewDesktop_3_2010\Downloads\FRST.txt 2015-06-05 16:05 - 2015-06-05 16:05 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (5).exe 2015-06-05 14:49 - 2015-06-05 14:49 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (4).exe 2015-06-05 02:55 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 02:55 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 02:55 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 02:55 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 02:55 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 02:55 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 02:55 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 02:55 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-04 00:45 - 2015-06-05 03:03 - 00047334 _____ C:\Windows\setupact.log 2015-06-04 00:45 - 2015-06-04 00:45 - 00000000 _____ C:\Windows\setuperr.log 2015-06-04 00:38 - 2015-06-04 00:38 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe 2015-06-03 15:35 - 2015-06-03 15:35 - 00285327 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150603.zip 2015-06-03 13:54 - 2015-06-03 13:54 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe 2015-06-03 02:02 - 2015-06-03 02:02 - 00005864 _____ C:\Windows\system32\cc_20150603_020213.reg 2015-06-02 16:29 - 2015-06-02 16:29 - 00285335 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150602.zip 2015-06-02 08:40 - 2015-06-02 08:40 - 00003762 _____ C:\Windows\System32\Tasks\ArcSoft Connect Daemon 2015-06-02 07:28 - 2015-06-02 15:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-06-02 07:28 - 2015-06-02 07:28 - 00001280 _____ C:\Users\NewDesktop_3_2010\Desktop\Spybot - Search & Destroy.lnk 2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2015-06-02 07:26 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162 (1).exe 2015-06-02 07:25 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162.exe 2015-05-31 15:55 - 2015-06-05 09:24 - 00175330 _____ C:\Windows\WindowsUpdate.log 2015-05-31 15:54 - 2015-05-31 15:54 - 00081320 _____ C:\Users\NewDesktop_3_2010\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-31 15:48 - 2015-05-31 15:50 - 00000000 ____D C:\AdwCleaner 2015-05-31 15:42 - 2015-05-31 15:42 - 02223104 _____ C:\Users\NewDesktop_3_2010\Downloads\adwcleaner_4.205.exe 2015-05-28 16:51 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-05-28 16:35 - 2015-05-28 16:35 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{A7EDB781-4C87-4C1B-93B8-2BC47871B562} 2015-05-28 15:17 - 2015-05-28 15:17 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP (1).zip 2015-05-26 16:57 - 2015-05-26 16:57 - 06549184 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe 2015-05-25 11:09 - 2015-05-25 11:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{E71D18C5-71DF-4AA7-B428-39CD7A2DDBA3} 2015-05-24 23:08 - 2015-05-24 23:08 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{D144978D-3187-4479-A82C-ADB43C10113B} 2015-05-24 11:07 - 2015-05-24 11:07 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{235E64BE-D04A-44C3-836C-0CBCE003941D} 2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{BB63F625-D151-49FB-9016-0F7E181DCFDB} 2015-05-23 11:06 - 2015-05-23 11:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{1DF7316D-01C3-433D-9C80-684FF104037A} 2015-05-22 15:10 - 2015-05-22 15:10 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-igxRSQcK.exe 2015-05-22 15:09 - 2015-05-22 15:09 - 00000000 ____D C:\Program Files (x86)\Valassis 2015-05-22 15:06 - 2015-05-22 15:06 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-VZqT1rla.exe 2015-05-21 21:16 - 2015-05-21 21:16 - 00022839 _____ C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO.html 2015-05-21 21:16 - 2015-05-21 21:16 - 00000000 ____D C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO_files 2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe 2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe 2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe 2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe 2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe 2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe 2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe 2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe 2015-05-21 16:32 - 2015-05-21 16:32 - 00001088 _____ C:\Users\Public\Desktop\OneSuite Phone.lnk 2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSuite 2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\Program Files (x86)\OneSuite 2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup.exe 2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup (1).exe 2015-05-21 13:22 - 2015-05-21 13:22 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security 2015-05-21 13:18 - 2015-05-21 13:18 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2015-05-21 13:17 - 2015-05-21 13:17 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2015-05-21 13:17 - 2015-05-21 13:17 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2015-05-21 13:17 - 2015-05-21 13:17 - 00002470 _____ C:\Users\Public\Desktop\Norton Security.lnk 2015-05-21 13:17 - 2015-05-21 13:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2015-05-21 13:15 - 2015-05-21 13:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Windows\system32\Drivers\NSx64 2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Program Files (x86)\Norton Security 2015-05-21 12:56 - 2015-05-21 13:02 - 01445376 _____ C:\Users\NewDesktop_3_2010\Desktop\ID Safe BackUp.DAT 2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (24).exe 2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (23).exe 2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (22).exe 2015-05-18 14:20 - 2015-05-18 14:20 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP.zip 2015-05-16 14:05 - 2015-05-16 14:05 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{ADE026BA-C1E9-460A-A563-849768108DA5} 2015-05-13 03:03 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 03:03 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 00:46 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 00:46 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 00:46 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 00:46 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 00:46 - 2015-04-10 12:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 00:46 - 2015-04-10 12:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 00:46 - 2015-04-10 12:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 00:46 - 2015-04-10 12:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 00:46 - 2015-04-10 12:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 00:46 - 2015-04-10 12:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 00:46 - 2015-04-10 12:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 00:46 - 2015-04-10 12:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 00:46 - 2015-04-10 12:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 00:46 - 2015-04-10 12:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-05-13 00:46 - 2015-04-10 12:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-05-13 00:46 - 2015-04-10 12:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-05-13 00:46 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 00:46 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 00:46 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 00:46 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 00:46 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 00:46 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 00:46 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-05-13 00:46 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 00:46 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 00:46 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 00:46 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 00:46 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 00:46 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 00:46 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-05-13 00:46 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-05-13 00:46 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-05-13 00:45 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 00:45 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 00:45 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 00:45 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 00:45 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 00:45 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 00:45 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 00:45 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 00:45 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 00:45 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 00:45 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 00:45 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 00:45 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 00:45 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 00:45 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 00:45 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 00:45 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 00:45 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 00:45 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 00:45 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 00:45 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 00:45 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 00:45 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 00:45 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 00:45 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-13 00:45 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 00:45 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 00:45 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 00:45 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 00:45 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 00:45 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 00:45 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 00:44 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 00:44 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 00:44 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 00:44 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 00:44 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 00:44 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 00:44 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 00:44 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 00:44 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 00:44 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 00:44 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 00:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 00:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 00:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 00:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 00:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 00:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 00:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 18:17 - 2015-05-12 18:17 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (16).exe 2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (15).exe 2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (14).exe 2015-05-12 12:52 - 2015-05-12 12:53 - 00003684 _____ C:\Users\NewDesktop_3_2010\Downloads\OPTIONSHOUSE_2015_TRANSACTIONS_AccountHistoryReport.csv 2015-05-12 12:28 - 2015-05-12 12:29 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\Garmin_Ltd._or_its_subsid 2015-05-12 12:26 - 2015-05-12 12:26 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-05-12 12:26 - 2015-05-12 12:26 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2015-05-12 12:26 - 2015-05-12 12:26 - 00000000 ____D C:\ProgramData\Garmin 2015-05-12 12:21 - 2015-05-12 12:22 - 41023360 _____ (Garmin Ltd or its subsidiaries) C:\Users\NewDesktop_3_2010\Downloads\GarminExpress.exe 2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport.csv 2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport (1).csv 2015-05-08 08:29 - 2015-05-08 08:29 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-HzwVgEwY.exe 2015-05-07 20:13 - 2015-05-07 20:13 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-vSkdxTR1.exe 2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (5).exe 2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (4).exe 2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (3).exe 2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (2).exe 2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (1).exe 2015-05-06 19:57 - 2015-05-06 19:57 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 16:06 - 2014-02-19 11:46 - 00000000 ____D C:\FRST 2015-06-05 15:48 - 2013-05-02 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-05 15:48 - 2011-02-21 11:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-05 15:26 - 2014-10-12 11:57 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job 2015-06-05 14:54 - 2010-03-16 21:13 - 00000000 ____D C:\Users\NewDesktop_3_2010 2015-06-05 13:51 - 2011-02-21 11:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-05 13:27 - 2014-12-28 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-05 11:42 - 2012-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Avanquest update 2015-06-05 11:42 - 2010-03-10 06:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-06-05 11:26 - 2014-10-12 11:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job 2015-06-05 09:19 - 2015-01-25 18:38 - 00000312 _____ C:\Windows\Tasks\NUAutoUpdate.job 2015-06-05 09:19 - 2010-03-15 22:23 - 00000000 ____D C:\ProgramData\TEMP 2015-06-05 09:18 - 2013-10-28 09:48 - 00000095 _____ C:\Users\NewDesktop_3_2010\.accessibility.properties 2015-06-05 03:11 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-05 03:11 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-05 03:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-05 03:02 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-05 03:02 - 2014-04-24 12:24 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-05 03:00 - 2015-02-10 12:23 - 00000354 _____ C:\Windows\Tasks\SpeedDiskSchedule.job 2015-06-04 18:00 - 2012-11-07 15:21 - 00000490 _____ C:\Windows\Tasks\ParetoLogic Registration.job 2015-06-03 12:35 - 2010-04-07 08:42 - 09903104 ____R C:\Users\Public\Documents\ESBK.mbb 2015-06-03 12:35 - 2010-04-07 08:42 - 04922368 ____R C:\Users\Public\Documents\ESBK.mb 2015-06-02 11:16 - 2015-01-25 18:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 16 2015-06-02 08:39 - 2013-02-02 13:02 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler 2015-06-02 08:39 - 2013-01-26 13:59 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program 2015-06-02 07:54 - 2013-01-26 13:41 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012 2015-05-31 19:22 - 2012-12-17 21:57 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EC003F4-3A64-4D9A-B092-891289AE3404} 2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-31 08:58 - 2015-02-25 16:38 - 00000306 _____ C:\Windows\Tasks\NUSchedule.job 2015-05-31 08:58 - 2015-01-25 20:00 - 00074710 _____ C:\Windows\SysWOW64\AppLog.log 2015-05-27 09:18 - 2014-05-31 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-27 08:49 - 2009-07-13 22:34 - 87031808 _____ C:\Windows\system32\config\software.rmbak 2015-05-27 08:49 - 2009-07-13 22:34 - 00532480 _____ C:\Windows\system32\config\default.rmbak 2015-05-27 08:35 - 2015-03-14 09:52 - 01093632 _____ C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr 2015-05-27 08:35 - 2014-01-22 17:11 - 00000000 ____D C:\Users\Administrator 2015-05-26 16:59 - 2013-05-03 11:55 - 00000000 ____D C:\Program Files\CCleaner 2015-05-25 17:16 - 2010-04-24 09:40 - 00000424 _____ C:\Windows\Tasks\EasyShare Registration Task.job 2015-05-22 19:06 - 2012-02-09 18:00 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet 2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\ProgramData\Norton 2015-05-21 13:13 - 2012-02-11 19:10 - 00001309 _____ C:\Users\NewDesktop_3_2010\Desktop\Norton Installation Files.lnk 2015-05-21 13:13 - 2010-03-15 22:09 - 00000000 ____D C:\Users\Public\Downloads\Norton 2015-05-18 08:51 - 2013-05-14 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-16 14:08 - 2009-07-14 01:13 - 00862872 _____ C:\Windows\system32\PerfStringBackup.INI 2015-05-16 13:43 - 2011-02-21 11:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-16 13:43 - 2011-02-21 11:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 11:21 - 2014-10-12 11:57 - 00003950 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA 2015-05-15 11:21 - 2014-10-12 11:57 - 00003554 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core 2015-05-13 04:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 03:49 - 2009-07-14 00:45 - 00340480 _____ C:\Windows\system32\FNTCACHE.DAT 2015-05-13 03:44 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-13 03:20 - 2013-08-08 12:56 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 03:08 - 2010-04-15 07:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 03:03 - 2013-04-04 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 12:28 - 2013-01-26 12:49 - 00000000 ____D C:\Program Files\DIFX 2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Garmin 2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-05-12 12:26 - 2013-01-26 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-05-12 12:25 - 2012-11-20 23:32 - 00000000 ____D C:\ProgramData\Package Cache 2015-05-06 19:59 - 2014-08-25 12:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-05-06 19:59 - 2014-08-25 12:24 - 00000000 ____D C:\Program Files\Java 2015-05-06 19:53 - 2013-10-28 01:46 - 00000000 ____D C:\ProgramData\Oracle 2015-05-06 19:52 - 2010-03-10 06:11 - 00000000 ____D C:\Program Files (x86)\Java 2015-05-06 19:49 - 2015-04-13 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-05-06 19:39 - 2011-11-29 09:56 - 00002037 _____ C:\Users\NewDesktop_3_2010\Desktop\E-TRADE Pro.lnk ==================== Files in the root of some directories ======= 2010-03-17 18:43 - 2015-04-14 20:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat 2014-05-25 01:04 - 2014-05-25 01:04 - 0893239 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\a.zip 2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll 2013-12-13 08:35 - 2013-12-13 08:36 - 0007605 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg 2011-10-16 14:03 - 2011-10-16 14:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F} 2011-08-10 22:57 - 2011-08-10 22:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD} 2012-04-11 18:44 - 2012-04-13 09:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-04 01:15 ==================== End of log ============================ Link to post Share on other sites More sharing options...
yosoy4ever Posted June 5, 2015 Author ID:967525 Share Posted June 5, 2015 Maniac: here is the NEW addition.txt scan results from today's scan - Friday, June 5, 2015: Please let ME KNOW what you want me to do next. Thank you for your continued HELP and I hope this NEW CURRENT SCAN RESULTS will aid you in figuring out what plagues my PC. Regards, Susan Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by NewDesktop_3_2010 at 2015-06-05 16:10:17 Running from C:\Users\NewDesktop_3_2010\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled) NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft) CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant) CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell) Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc) Elevated Installer (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.) Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET) IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - ) IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - ) IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech) Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company) Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.) LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - ) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony) Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony) Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.) Meter Drivers for OneTouch® Software (x32 Version: 1.10.0.0 - LifeScan) Hidden Meter Drivers for OneTouch® Software (x32 Version: 1.9.1.0 - LifeScan) Hidden Meter Drivers for OneTouch® Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation) Norton Security (HKLM-x32\...\NS) (Version: 22.2.0.31 - Symantec Corporation) Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation) novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland) OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden OneSuite Phone version 1.0.8.21 (HKLM-x32\...\{247969F9-4B17-47DB-9CDA-457D28BFAD9F}_is1) (Version: 1.0.8.21 - OneSuite Corporation) OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - ) oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - ) P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC) Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - ) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio) SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.200 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - ) TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc) TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax Deluxe 2004 (HKLM-x32\...\TurboTax Deluxe 2004) (Version: - ) TurboTax Deluxe 2005 (HKLM-x32\...\TurboTax Deluxe 2005) (Version: - ) TurboTax Deluxe 2007 (HKLM-x32\...\TurboTax Deluxe 2007) (Version: - ) TurboTax Deluxe Deduction Maximizer 2006 (HKLM-x32\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - ) TurboTax ItsDeductible 2006 (HKLM-x32\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit) Twacker 64 (HKLM\...\{1220ED8B-4383-4AD8-8C8D-B39801DF58D3}) (Version: 2.0.1 - TWAIN Working Group) VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team) VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - ) Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - ) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-01-09 17:29 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {066B9166-C70A-40CB-83AE-904B64B52301} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2014-01-17] () Task: {06F5D0B8-77C6-496E-A8DD-BA6AE1253074} - System32\Tasks\{DD15EFC9-E0FB-4407-A27B-54FBD802206A} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] () Task: {0AD636A0-9C90-4384-906A-349CE863D196} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 Task: {0F49EE9C-82AC-4750-8A30-A5FAB7442C04} - System32\Tasks\{2FFC9F47-8A84-47C8-946F-AD71D943D5EC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {19E33B81-6AC6-4F07-9F28-ABA930F5FC35} - System32\Tasks\{5D16388E-0F47-4E8B-8A3A-083704D8F977} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] () Task: {1DC2812C-13DF-43D6-B9A7-773FB601E505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.) Task: {2063A408-5C3D-4C82-99F8-0A407883B2A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {21B4C4CF-7E9A-4918-9478-9B06D65E9A64} - System32\Tasks\{2F2DD988-9046-4D6D-A6AF-367DB9F1B4B6} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-06] (Intuit, Inc.) Task: {2581E4DA-73FB-46CA-8CFF-E91223896777} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software) Task: {287EEC02-1DED-4B6B-BA15-DBFF56C8E754} - System32\Tasks\{39CE76CA-A8D9-4BC9-8BBC-6BD235E4B3EF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {2EA72069-9960-49C4-8E8A-0F7E8947ABA6} - System32\Tasks\{72CA87D4-B7D0-4568-8D70-4FB453AA42BA} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exe Task: {2F6F4E97-72DC-4266-8006-19A1D865457C} - System32\Tasks\DISK CLEANUP => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation) Task: {32AE6E00-7117-499B-9DDA-DAF3A82050EE} - System32\Tasks\{E44CB91F-1D82-4E8F-85B1-E42E2C911234} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {3806A751-7493-4193-A4B8-B05FFAF16BDF} - System32\Tasks\{200D7197-5970-4169-A4F3-F345CC8452FB} => pcalua.exe -a C:\Users\NewDesktop_3_2010\Desktop\install_easyshare.exe -d C:\Users\NewDesktop_3_2010\Desktop Task: {38BA02C0-C315-4737-B404-D388038D7622} - System32\Tasks\{AE0BB1A0-72F0-4E38-8C04-8031AB99F902} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe Task: {396B2401-18BC-472A-893A-C787CB1602A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {3E0EE7E3-7FD4-43C0-8BA1-8822E3EB9C17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.) Task: {4032A799-6ED8-42CA-B6A6-BFD792409F4E} - System32\Tasks\{052C4A68-22BF-4B73-9BC4-5F9A88CB2208} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3JPRFZF\20110310-003-i32[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {41E247AE-5646-4A06-82ED-9DB10B5186F9} - System32\Tasks\{F4F698A3-415F-418C-B509-0727AECB6579} => C:\Windows\twain_32\escndv\escndv.exe Task: {447A36C9-50C2-4E45-AED0-44F74C90E5D7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation) Task: {44E9F06F-CE1F-4A35-8FF9-CE17EE1DFCE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {45599F81-2FA9-49B5-A0BD-43EE70B58749} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {533999ED-C610-465B-98B4-6B38B4FB844B} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-04-03] (Symantec) Task: {59939E4C-4ED7-4842-9E97-7C96A4F9A7FF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5D5D921F-7BC2-4D8F-B928-428075DBCB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.) Task: {75DA6122-A062-4AE5-85F0-8ACB068B205C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\WSCStub.exe [2015-04-01] (Symantec Corporation) Task: {77C9B7B4-7E6C-4378-9FBB-818D7293373B} - System32\Tasks\Google Updater and Installer => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.) Task: {7B1D529E-7123-4E41-AA6E-6E8EAACBA10A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {7BE14C5D-CBAE-4BFF-B406-31E9D1D134F1} - System32\Tasks\{E96EC095-071A-4865-8584-154D5CA9663C} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZEBFJTN\PDFConverterSetup[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {7DA37FC9-4B70-4104-9E19-C3AA226BCAE4} - System32\Tasks\{F9A1CC91-BCF5-493A-8B79-52B1A3A885B3} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe Task: {811A7948-DF59-423C-A413-7597730A68BF} - System32\Tasks\{5B812AEE-82E3-44F3-B113-A31078F9ADF7} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ95BZHL\etradePro[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {867962EE-E055-4A07-92D4-289291D69FED} - System32\Tasks\{3EE07BC5-6785-43D6-8C29-988C7713618C} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools) Task: {86BFC80C-CB31-4814-BC14-8CBAB5379F6B} - System32\Tasks\{FBBF8DFB-200C-4CE7-8343-A982E2F3C5E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe Task: {8B5FA416-CD44-4E29-AD31-DE8CBBA8C7B3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation) Task: {8D39C46A-0D4E-4FC3-BCFE-FFC04B4DB97F} - System32\Tasks\{4870BE4F-5098-405E-A2E6-4BA94B64623B} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-06] (Intuit, Inc.) Task: {92E2BE4F-5661-41CE-9125-6D0350DC68C2} - System32\Tasks\{82BBECFE-07EA-42FB-BC0F-41C21A4EAA7C} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe Task: {96A0F7C6-E7D4-4FBA-9E6A-DD565F1F112C} - System32\Tasks\{9C7F4169-49BC-4208-AC96-59EA3C25081F} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_1f8b2f\Setup.exe -c /APR-REMOVE Task: {9D0456E8-8F92-44EF-BE22-0C09B05C982B} - System32\Tasks\{8096403C-ECD0-4C43-9BB6-44373E694CAE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {AAE95569-8449-4921-B7F1-B6765939C851} - System32\Tasks\CHECK DISK => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation) Task: {AC00C3D9-0B84-44FE-8774-00330C4E1FC0} - System32\Tasks\{9836EE3C-E0D8-4292-B783-FB7C4CE84C52} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe" Task: {ACF7FB82-2298-4377-AF18-AC3DEEA4002F} - System32\Tasks\{0F75C653-2955-4F67-9A71-54A93DE4AFD0} => pcalua.exe -a C:\lexmark\drivers\3400\Setup.exe -d C:\lexmark\drivers\3400 Task: {AF42F048-C0C7-45FE-B1EC-A53027470CAA} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-26] (Microsoft Corporation) Task: {AF43C1AD-5FB4-433A-A577-D9B02EC74D58} - System32\Tasks\{12BD2777-6770-4212-8E63-CD3A721F3F2F} => C:\Windows\twain_32\escndv\escndv.exe Task: {AF7EF77C-3273-4B57-9637-ED0C047F58E4} - System32\Tasks\{A3285852-6708-457A-8B6F-8ABF8468183D} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools) Task: {B484C23B-0289-480A-9B06-EC31C82B050B} - System32\Tasks\{E8619932-F191-4511-8042-210B0625E57B} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation) Task: {B985710A-B0D4-4664-97B0-E916BD97E214} - System32\Tasks\{12A10945-3A63-456C-95FC-D7B2779E39B2} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R220849.zip\Setup.exe Task: {B9E16D06-6528-4388-A08E-C5FDFC6061DC} - System32\Tasks\{86CE0476-35FA-4F34-8AEC-DF3B82128371} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools) Task: {BA1FF7D9-A329-4098-B80C-F1B9A286BEBE} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.) Task: {C0AAA828-2535-4174-9B99-5FC7AF4E6EE1} - System32\Tasks\{AB9D1BE6-0D13-459D-B61A-0368B050C8E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe Task: {CA810F46-882E-43B4-8862-68C81B5BF193} - System32\Tasks\{D5A3ED5D-AA7F-4185-A839-051111E9D5E9} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALLYR477\epson12958[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop Task: {CBEB0860-B42A-487F-A00B-63B204D3DA32} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-05-07] () Task: {CC3FC713-2C39-42DA-9B52-02A86F3BFCB3} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns Task: {D6BB517A-36E0-481D-9F39-DBC02E3B8492} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {D8C739D3-6AC8-4D2D-912B-A2D53425EB69} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation) Task: {DA32E81E-02F0-4042-908F-64AE15E8C519} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E007B6CE-5360-4676-8718-577302FA59EB} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-04-03] (Symantec) Task: {E4E16228-5003-401C-892B-B63366A8968E} - System32\Tasks\{718BCC9E-6280-4FCF-B879-6DB95E977DE4} => C:\Windows\twain_32\escndv\escndv.exe Task: {EF4862E3-615E-48EE-B09C-C8B3650C2076} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-24] (Adobe Systems Incorporated) Task: {EFDF39F2-DE1F-4EBA-A691-0D273D70D974} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\SymErr.exe [2015-02-25] (Symantec Corporation) Task: {F3BE70BA-488A-4ECA-924D-3375E9705395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.) Task: {F5A602B7-9464-4497-A394-A700D16FCC3C} - System32\Tasks\{E3391F16-6964-49A8-930A-03BBC6384DEF} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe Task: {FC6DFFBA-69CB-43EC-9E59-5B273E945793} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\SymErr.exe [2015-02-25] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exeFC:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll Task: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe ==================== Loaded Modules (Whitelisted) ============== 2014-01-22 17:44 - 2006-11-27 04:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll 2010-07-26 13:24 - 2010-07-26 13:24 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe 2010-03-23 19:33 - 2010-03-23 19:33 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll 2010-03-23 19:50 - 2010-03-23 19:50 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2010-03-27 15:36 - 2010-03-27 15:36 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll 2010-03-27 15:36 - 2010-03-27 15:36 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2014-04-07 20:59 - 2014-04-07 20:59 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2013-06-18 09:30 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll 2010-07-26 13:25 - 2010-07-26 13:25 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll 2010-07-26 13:25 - 2010-07-26 13:25 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2010-04-05 14:52 - 2010-04-05 14:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL 2015-01-06 16:43 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2015-01-06 16:43 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2015-05-25 16:02 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 AlternateDataStreams: C:\ProgramData\TEMP:D287FACF AlternateDataStreams: C:\Users\NewDesktop_3_2010\Downloads\Microsoft..how did I get this SPAM on my email -----FW Dear yosoy4ever Your second chance in life just arrived.eml:OECustomProperty ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\intuit.com -> hxxps://ttlc.intuit.com IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\turbotax.com -> hxxps://turbotax.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: NIS => 2 MSCONFIG\Services: SeagateDashboardService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: sprtsvc_DellSupportCenter => 2 MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" MSCONFIG\startupreg: ANIWZCS2Service => MSCONFIG\startupreg: DellSystemDetect => C:\Users\NewDesktop_3_2010\AppData\Local\Apps\2.0\T8MZ2MDX.M6Y\TCMN94HH.7XT\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe" MSCONFIG\startupreg: Memeo AutoSync => MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe MSCONFIG\startupreg: Seagate Dashboard => ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{39BD6CA7-9CD1-48C1-95C2-10444ED618BF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{3FB76DFF-EBB9-4BA5-88CA-A6199C0C675F}] => (Allow) svchost.exe FirewallRules: [{B522A32F-6301-45BF-8FBC-5461BC08CB91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe FirewallRules: [{CAC72440-BBB5-4475-A247-770AC3632843}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe FirewallRules: [{42231713-5B92-49DB-902F-6DA081B9B605}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exe FirewallRules: [{534517E8-E27B-4FC1-9500-18B94636FDD5}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exe FirewallRules: [{ECBB1604-6636-4DF5-A822-A029228C9AC0}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exe FirewallRules: [{E255D111-1439-4DD2-8FE0-57BCA86A2A08}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exe FirewallRules: [{64BCD54E-B280-4429-8909-F2555F1B0AA9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D9955E32-6C92-4D70-8CC6-C5C7278EF345}] => (Allow) LPort=2869 FirewallRules: [{2EC73EB3-D831-48E1-A91E-D84C9D2FA9D7}] => (Allow) LPort=1900 FirewallRules: [{99F55E0D-3635-4542-889F-6F6A4F8F3047}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe FirewallRules: [{DF71FD38-ACC0-4DF7-8ACF-A56D52B79DDA}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe FirewallRules: [{716F09CC-AB70-4AB4-8FE9-CD2F295A6954}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe FirewallRules: [{5CF9E526-F3BA-4A62-A694-E530BE1E4812}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe FirewallRules: [{14F8EC0D-4110-4AEB-BF0C-A5C8000291DB}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exe FirewallRules: [{F703DADD-5004-4900-8C15-6FFEED46FB95}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exe FirewallRules: [{B3B99210-BCB7-4332-B3F2-668AFDCDF8F5}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{91813F2D-474C-49BF-BCD6-3266F1EAD0D0}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{C05BD69A-007C-4ECF-91FC-BB487BF68A2C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{1A9763F0-098A-48FE-A8CF-0C0C53D82ADC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{5A99AF40-76E7-4A62-988C-19AA8F44DAEE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{51189F90-43B2-4450-A804-9A6A04EE68FC}] => (Allow) LPort=135 FirewallRules: [{7F1D20C8-5F66-4EE0-8C92-16C981E1B69D}] => (Allow) LPort=5000 FirewallRules: [{ACA4F026-A28D-44CC-8DF4-FF0111238313}] => (Allow) LPort=5001 FirewallRules: [{5C94E9D1-9323-40C5-BFDB-135626390B9B}] => (Allow) LPort=5002 FirewallRules: [{B20C4E3A-DB0E-46AC-B1FE-E67B391B6000}] => (Allow) LPort=5003 FirewallRules: [{99D24B1D-1646-4C47-BB3D-0D60E7C8F5E4}] => (Allow) LPort=5004 FirewallRules: [{6E6A81C8-D294-4E5D-B64E-DC1879FF9393}] => (Allow) LPort=5005 FirewallRules: [{2F9F6FFF-333C-4C32-A9B2-339CC3603096}] => (Allow) LPort=5006 FirewallRules: [{AA724DE6-A804-4BE0-A2B3-574289B0C1A6}] => (Allow) LPort=5007 FirewallRules: [{EE3A7638-F2A4-4C6E-8799-81A3C4861571}] => (Allow) LPort=5008 FirewallRules: [{8DE1D6F9-8A84-4450-BB41-0BF07F5D6EF6}] => (Allow) LPort=5009 FirewallRules: [{33582DBA-10D9-4CAE-92B6-F109E39D9C3A}] => (Allow) LPort=5010 FirewallRules: [{25B8D8B0-7BA9-4DDF-8CE4-F0462DBB3695}] => (Allow) LPort=5011 FirewallRules: [{B034B884-53FE-4DFD-B658-BA1235362057}] => (Allow) LPort=5012 FirewallRules: [{D7B9B4D3-B6CC-4CB1-9265-D229D2907568}] => (Allow) LPort=5013 FirewallRules: [{A331D8FF-50F0-431A-823F-C757CB17BE88}] => (Allow) LPort=5014 FirewallRules: [{D630A0ED-AD2D-47B4-8352-358EFAA7031D}] => (Allow) LPort=5015 FirewallRules: [{61D8C58E-7372-4765-87FA-51DC63673637}] => (Allow) LPort=5016 FirewallRules: [{BDC1EE0B-115A-4695-959A-206BD35362F3}] => (Allow) LPort=5017 FirewallRules: [{31248A67-D96A-48F3-851E-B3DBABB5AAF9}] => (Allow) LPort=5018 FirewallRules: [{1F9EF8BF-FC9E-4139-94DA-1384E0B5A674}] => (Allow) LPort=5019 FirewallRules: [{EA8CD93D-07D7-441F-B0A2-C5F266FD51FC}] => (Allow) LPort=5020 FirewallRules: [{9F7B2D21-2AF5-4BEF-B954-EDE1C4960B44}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{C96262D6-1A02-4018-8EB6-1CA98B1A0983}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{E851DAD5-2E32-43A8-A79C-B3578489CCAF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{C98C6601-AD51-4B46-9E99-D19C8ABE9DE9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{8B0B5B9A-E3EC-4C80-9F58-377E1246D7C0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{32B68B37-E182-47A6-8A15-18C6DC75F9FD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe FirewallRules: [{E5298305-3B14-4CD4-AD7E-0A93C06536C6}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{FD500E61-5AC5-4240-ADD7-444567DE867F}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{BF9BC9F7-B931-4C6E-8CB1-1BB831FD361F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{68A859B5-F375-4784-9B3A-41790D57C331}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{1415A36C-C099-4AD0-B573-FA2A85DC5F56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{6081BD0C-563F-407A-8A36-11FBE741F4B5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe FirewallRules: [{63AF996B-8FFB-4A55-A79D-F7F7C92F565C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{33D46599-2F64-4615-8BA3-5A17DB0526EA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{B3093C7B-BBF8-4095-9DBC-693FF75DF6F5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{8E91EF87-2154-4164-B78C-935AE53EF8A9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe FirewallRules: [{3A1D3E53-EBD2-4DA5-8636-59929CE8EF1C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{F6FBB5E3-5964-4F17-9DFB-EF36262A508A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{3D1A1F23-6558-47EA-9600-A0C665B03AAA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{334FD2A7-3449-40C3-9B5B-8E6D5F7E34A8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe FirewallRules: [{5F794FAD-852C-4C96-BE66-6B812903A2D3}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{86BC4F57-51F5-42D4-8186-7ADEED89A29E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{CC918DB6-4B31-479F-9A8A-484243AA0EBB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{D41DD74D-A95C-4152-9A80-ECCC1CA60280}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe FirewallRules: [{3A1A02A4-DF4F-4C48-BAA5-91E0B966BF19}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{92B82EB1-F80F-4FF2-BD72-EE4780C3D972}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{66197A5B-E56D-44D3-AFFE-A5927A3865D8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{60963516-DBB9-4EAD-83D4-ECD496EFEA43}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe FirewallRules: [{9AFAA52C-DE23-4AA2-9B94-4E671668D6B0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{B42C4B44-87D3-4F1D-9FBA-CB08800623C9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{412186F6-5C17-4038-8D63-8AF4C3FCDA02}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{1E734410-1944-4391-AAF0-253CC9D75951}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe FirewallRules: [{247CEFCA-B17B-442E-928C-763B6F93D6D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{9DC6AC26-C054-4BE4-9E75-AB85F83FFA62}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{33311D49-141F-4EB6-87AE-BB3DAA3D02D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{6231E27D-A48F-4D56-A254-2B59816D04CD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe FirewallRules: [{E9835CE7-640F-4B38-9D29-8348CC1C5069}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe FirewallRules: [{0693A856-F226-4B4D-B3A1-AFF2315AB873}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe FirewallRules: [{DAC41372-6679-4346-B0E3-A2B874218586}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe FirewallRules: [{BC6BD50B-8B5B-4AED-AEC6-0F6BE79B8491}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe FirewallRules: [{FBB1553F-BB9F-488F-B17A-1D894B6609FD}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe FirewallRules: [{51BDF10D-FE9C-4600-B87F-D1D5ED446BBC}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe FirewallRules: [{FA3CF106-DC17-4880-85FF-26F6D7B6EE8F}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe FirewallRules: [{30196200-C55B-407C-9143-23814F0CE84C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe FirewallRules: [{34698A92-E6E1-4093-BDFC-CA04D8B887A5}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe FirewallRules: [{D73E2198-442D-4905-9841-2B97DA339B21}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe FirewallRules: [{A143387F-26F2-4075-9AC7-CA7918464629}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe FirewallRules: [{7D9CF289-1406-445B-A238-18FBB7E45454}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe FirewallRules: [{1BBD768A-CAAC-4E56-966C-2EBCD3A6AFFA}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe FirewallRules: [{C0CAC8C3-C70B-4CC7-A4A8-9303EF50487C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe FirewallRules: [{FF2E75EB-2069-4AB4-A9EC-29FFD7B714F9}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe FirewallRules: [{9AF29271-4789-4813-9CD9-0D77F3401464}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe FirewallRules: [{F515F20D-3156-4C6F-AB17-95FC65D4C23E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe FirewallRules: [{8DB627B5-70EB-431F-9CE2-19D8F6A389AD}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe FirewallRules: [{16BC1162-BCA3-43C3-8E63-84752BC52991}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe FirewallRules: [{FA8B53C3-E338-44B3-BBB9-3A1B570DB4A5}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe FirewallRules: [{296C72C7-BDB7-45A6-98B3-5A5279E81229}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe FirewallRules: [{36EBBA23-2055-4E1E-9AF2-220AC539C198}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe FirewallRules: [{12770EA6-2435-4049-B1C2-083955AF65E3}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe FirewallRules: [{DBD8CDCB-4AEC-4AF1-B68B-1F27A722B429}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe FirewallRules: [{6169B95B-1241-4A3E-AD1A-DD1906C05C81}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe FirewallRules: [{AD7D045D-76AA-4B81-9EF5-178F8C0228AD}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe FirewallRules: [{9F1699B2-5460-429F-B478-6C612EC4D046}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe FirewallRules: [{6C6F4B07-A280-4FFD-97C7-86B2F7143D42}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe FirewallRules: [{D604070C-99B7-44DF-8FB7-5175DFD41E2F}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe FirewallRules: [{596969CD-4F3D-4FBF-AB01-64FD748F312B}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe FirewallRules: [{42643BC1-17BD-490E-9888-04360A6DB6FF}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe FirewallRules: [{25CC6A41-1A67-4C5C-80DC-64B0B365E858}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe FirewallRules: [{C360B30D-812F-4941-B2F4-0E0B8FED411E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe FirewallRules: [{AA8D2B87-0C3C-45F6-8D08-9697D72E2142}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe FirewallRules: [{B30D87AA-5401-49D1-B14A-B3DBEF18800D}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe FirewallRules: [{6839B864-9CF5-4DCB-B7AF-D339A665A2E6}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe FirewallRules: [{7B7F60D8-C9FE-4155-8E41-CCDF6BA92521}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{A835ECE9-7656-4A8C-A4DF-2C89E0D99F2C}] => (Allow) C:\Windows\System32\lxcycoms.exe FirewallRules: [{5E69FBB8-97EA-481B-A3EA-0C336F815B2D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe FirewallRules: [{248FD0B7-5628-4952-A9D6-F089EB986C9E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{A148050A-81FC-44FD-A370-93D09F22D1C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{4B6176DC-A4DF-4248-BD04-B53A3C8AD7E9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{A463BD77-CBE2-4E8E-BE61-BF409D520279}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{AF254E55-4E20-4672-B524-58C1806E1D75}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe FirewallRules: [{AB21F5E2-0AEA-423A-970C-7F14107F4813}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{D422C96D-E0CE-4DA3-A981-0B3EF26CC54C}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{367948ED-38C0-4620-9CA0-7DC68A0F466A}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{B6AC7DBE-940F-424B-9817-BB6C363903D0}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{06FEF072-C562-4D48-A5DF-8463FBFD65AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{8C7BA47C-8A1C-4459-96F6-8313680385AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{0C8A477A-2BF8-40AB-89AF-65717192011D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{CFB5F850-469D-4A6C-9A7D-F972E98030E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{F9AB3CEE-B7C5-4AFB-8327-33D93793268E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{2AD7E69E-0BDA-4EDA-8415-5DF074B586E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{170A22F6-1DED-4289-904C-883DE85874E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (06/05/2015 02:03:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 9.0.8112.16644, time stamp: 0x5527ea05 Faulting module name: MSHTML.dll, version: 9.0.8112.16644, time stamp: 0x5527ec3d Exception code: 0xc0000005 Fault offset: 0x0029ad72 Faulting process id: 0x15cc Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (06/05/2015 01:06:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16644 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 14c8 Start Time: 01d09fb1c1a16a96 Termination Time: 7931 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error: (06/05/2015 01:05:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16644 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1334 Start Time: 01d09fb17fcbbaef Termination Time: 8681 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (06/05/2015 01:20:40 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error: (06/05/2015 01:20:29 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (06/04/2015 01:16:24 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. System errors: ============= Error: (06/05/2015 09:19:00 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (06/05/2015 03:03:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: %%1058 Error: (06/04/2015 09:08:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: %%1058 Error: (06/04/2015 07:29:47 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (06/04/2015 00:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: %%1058 Error: (06/03/2015 09:23:54 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (06/03/2015 09:18:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/03/2015 09:18:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (06/03/2015 09:18:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: %%1058 Error: (06/02/2015 09:59:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 43. The internal error state is 252. Microsoft Office: ========================= Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (06/05/2015 02:03:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.166445527ea05MSHTML.dll9.0.8112.166445527ec3dc00000050029ad7215cc01d09fb17fcca552C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll34510016-0bad-11e5-992d-00256400cdd2 Error: (06/05/2015 01:06:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1664414c801d09fb1c1a16a967931C:\Program Files (x86)\Internet Explorer\iexplore.exe Error: (06/05/2015 01:05:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16644133401d09fb17fcbbaef8681C:\Program Files (x86)\Internet Explorer\iexplore.exe Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider Obtaining provider management interface Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: -1 Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (06/05/2015 01:20:40 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (06/05/2015 01:20:29 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dllC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll2 Error: (06/04/2015 01:16:24 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 CodeIntegrity Errors: =================================== Date: 2015-01-09 16:27:39.328 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-09 16:27:39.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.370 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-18 13:05:15.198 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:11.185 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-14 10:16:10.967 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU 450 @ 2.20GHz Percentage of memory in use: 65% Total physical RAM: 4061.05 MB Available physical RAM: 1391.7 MB Total Pagefile: 8120.32 MB Available Pagefile: 4678.35 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:587.51 GB) (Free:518.97 GB) NTFS Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:874.44 GB) NTFS Link to post Share on other sites More sharing options...
Maniac Posted June 8, 2015 ID:967934 Share Posted June 8, 2015 Let's talk about McAfee again. You have remnants from this product. Follow the instructions here to download and run their uninstaller tool to find and clean their remnants: Step 1 Please follow the instrutions from 2. Download and run the McAfee Consumer Product Removal (MCPR) tool: https://service.mcafee.com/FAQDocument.aspx?id=TS101331 There are remnants from Avast too. So follow the instructions here: https://www.avast.com/uninstall-utility When you are done, please reboot your system. Step 2 Please launch Malwarebytes Anti-Malware, update it and perform a threat scan. Post your log file. Step 3 Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. In your next reply, post the following log files:Malwarebytes' Anti-Malware logFRST logfixlist.txt Link to post Share on other sites More sharing options...
yosoy4ever Posted June 8, 2015 Author ID:967979 Share Posted June 8, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Error, 6/8/2015 9:58:53 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13, Protection, 6/8/2015 9:58:53 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping, Protection, 6/8/2015 9:58:53 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped, Error, 6/8/2015 10:16:19 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13, Protection, 6/8/2015 10:16:19 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping, Protection, 6/8/2015 10:16:19 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped, Update, 6/8/2015 10:45:41 AM, SYSTEM, NEWDESKTOP_3_10, Manual, Malware Database, 2015.6.5.3, 2015.6.8.3, Scan, 6/8/2015 12:21:25 PM, SYSTEM, NEWDESKTOP_3_10, Manual, Start:6/8/2015 10:45:48 AM, Duration:1 hr 35 min 37 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, (end) Link to post Share on other sites More sharing options...
yosoy4ever Posted June 8, 2015 Author ID:967980 Share Posted June 8, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 6/8/2015Scan Time: 10:45:48 AMLogfile: malware bytes page two of june 8 2015.txtAdministrator: Yes Version: 2.01.6.1022Malware Database: v2015.06.08.03Rootkit Database: v2015.06.02.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: NewDesktop_3_2010 Scan Type: Threat ScanResult: CompletedObjects Scanned: 553559Time Elapsed: 1 hr, 35 min, 37 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
yosoy4ever Posted June 8, 2015 Author ID:967983 Share Posted June 8, 2015 THERE WAS NO WAY TO MAKE THIS "RUN" - please advise asap. thanks, Susan startCloseProcesses:Task: {2063A408-5C3D-4C82-99F8-0A407883B2A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: {AC00C3D9-0B84-44FE-8774-00330C4E1FC0} - System32\Tasks\{9836EE3C-E0D8-4292-B783-FB7C4CE84C52} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =CHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dllAlternateDataStreams: C:\ProgramData\TEMP:792D4CF1AlternateDataStreams: C:\ProgramData\TEMP:D287FACFC:\Program Files\AVAST SoftwareC:\Program Files (x86)\McAfeeEmptyTemp:end Link to post Share on other sites More sharing options...
yosoy4ever Posted June 8, 2015 Author ID:968004 Share Posted June 8, 2015 HERE IS WHAT WAS I GENERATED TODAY - I will send it to you in this post and additional posts: let me know what to do next. thank you, susan mon. 6/8/2015 2:02 pm edst Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 08-06-2015 12:56:09Running from C:\Users\NewDesktop_3_2010\DownloadsLoaded Profiles: NewDesktop_3_2010 & (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 9 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe(Microsoft Corporation) C:\Windows\System32\alg.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe( ) C:\Windows\System32\lxcycoms.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe(Microsoft Corporation) C:\Windows\System32\Locator.exe(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe(Logitech, Inc.) C:\Windows\LockStatusTray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoInstrumentation] 1HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Cloud Player] => C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk [2014-01-22]ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2013-05-02]ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cabDPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cabDPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabDPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cabDPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cabDPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cabDPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cabDPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CABDPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgnFF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn [2015-06-08]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-08] Chrome: =======CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]CHR Extension: (Bookmark Manager) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-21]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]CHR Extension: (Skype Click to Call) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-31]CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-31]CHR Extension: (Google Wallet) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-05-31]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( )S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150605.001\IDSvia64.sys [684248 2015-05-25] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150607.020\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150607.020\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-05-21] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation)R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation)R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-10] (TuneUp Software)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 12:56 - 2015-06-08 13:12 - 00031003 _____ C:\Users\NewDesktop_3_2010\Downloads\FRST.txt2015-06-08 12:40 - 2015-06-08 12:53 - 00002296 _____ C:\Users\NewDesktop_3_2010\Desktop\fixlist (1).txt2015-06-08 12:39 - 2015-06-08 12:39 - 00002296 _____ C:\Users\NewDesktop_3_2010\Downloads\fixlist (1).txt2015-06-08 12:38 - 2015-06-08 12:39 - 00002296 _____ C:\Users\NewDesktop_3_2010\Downloads\fixlist.txt2015-06-08 12:37 - 2015-06-08 12:37 - 00001107 _____ C:\malware bytes page two of june 8 2015.txt2015-06-08 12:31 - 2015-06-08 12:31 - 00000934 _____ C:\maleware bytes june 8 2015.txt2015-06-08 10:15 - 2015-06-08 10:15 - 00000000 ____D C:\Program Files\AVAST Software2015-06-08 10:08 - 2015-06-08 10:09 - 05684904 _____ (Avast Software s.r.o.) C:\Users\NewDesktop_3_2010\Downloads\avastclear (2).exe2015-06-08 09:58 - 2015-06-08 10:15 - 00005870 _____ C:\Windows\PFRO.log2015-06-08 09:51 - 2015-06-08 09:51 - 04798416 _____ (McAfee, Inc.) C:\Users\NewDesktop_3_2010\Downloads\MCPR.exe2015-06-07 09:47 - 2015-06-07 09:47 - 00000000 ____D C:\NPE2015-06-07 09:44 - 2015-06-07 09:44 - 03060320 ____N (Symantec Corporation) C:\Users\NewDesktop_3_2010\Downloads\NPE.exe2015-06-07 09:44 - 2015-06-07 09:44 - 03060320 _____ (Symantec Corporation) C:\Users\NewDesktop_3_2010\Downloads\NPE (2).exe2015-06-07 09:44 - 2015-06-07 09:44 - 03060320 _____ (Symantec Corporation) C:\Users\NewDesktop_3_2010\Downloads\NPE (1).exe2015-06-06 12:54 - 2015-06-06 13:05 - 00004592 _____ C:\Users\NewDesktop_3_2010\Desktop\output.txt2015-06-06 12:53 - 2015-06-06 12:55 - 00000506 _____ C:\Users\NewDesktop_3_2010\Desktop\FrontierPingTest.bat2015-06-06 12:53 - 2015-06-06 12:53 - 00000000 _____ C:\Users\NewDesktop_3_2010\Desktop\Frontier.txt2015-06-06 12:40 - 2015-06-06 12:40 - 01478976 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (26).exe2015-06-06 12:40 - 2015-06-06 12:40 - 01478976 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (25).exe2015-06-05 17:27 - 2015-06-05 17:27 - 00061774 _____ C:\Users\NewDesktop_3_2010\Downloads\Nick - here is a copy of the NEW LEASE and cover letter for your review (1).zip2015-06-05 17:26 - 2015-06-05 17:26 - 00061774 _____ C:\Users\NewDesktop_3_2010\Downloads\Nick - here is a copy of the NEW LEASE and cover letter for your review.zip2015-06-05 02:55 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-06-05 02:55 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-06-05 02:55 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-06-05 02:55 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-06-05 02:55 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-06-05 02:55 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-06-05 02:55 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-06-05 02:55 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-06-04 00:45 - 2015-06-08 10:16 - 00110446 _____ C:\Windows\setupact.log2015-06-04 00:45 - 2015-06-04 00:45 - 00000000 _____ C:\Windows\setuperr.log2015-06-04 00:38 - 2015-06-04 00:38 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe2015-06-03 15:35 - 2015-06-03 15:35 - 00285327 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150603.zip2015-06-03 02:02 - 2015-06-03 02:02 - 00005864 _____ C:\Windows\system32\cc_20150603_020213.reg2015-06-02 16:29 - 2015-06-02 16:29 - 00285335 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150602.zip2015-06-02 08:40 - 2015-06-02 08:40 - 00003762 _____ C:\Windows\System32\Tasks\ArcSoft Connect Daemon2015-06-02 07:28 - 2015-06-02 15:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2015-06-02 07:28 - 2015-06-02 07:28 - 00001280 _____ C:\Users\NewDesktop_3_2010\Desktop\Spybot - Search & Destroy.lnk2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy2015-06-02 07:26 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162 (1).exe2015-06-02 07:25 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162.exe2015-05-31 15:55 - 2015-06-08 12:35 - 00264447 _____ C:\Windows\WindowsUpdate.log2015-05-31 15:54 - 2015-05-31 15:54 - 00081320 _____ C:\Users\NewDesktop_3_2010\AppData\Local\GDIPFONTCACHEV1.DAT2015-05-31 15:48 - 2015-05-31 15:50 - 00000000 ____D C:\AdwCleaner2015-05-31 15:42 - 2015-05-31 15:42 - 02223104 _____ C:\Users\NewDesktop_3_2010\Downloads\adwcleaner_4.205.exe2015-05-28 16:51 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys2015-05-28 16:35 - 2015-05-28 16:35 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{A7EDB781-4C87-4C1B-93B8-2BC47871B562}2015-05-28 15:17 - 2015-05-28 15:17 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP (1).zip2015-05-26 16:57 - 2015-05-26 16:57 - 06549184 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe2015-05-25 11:09 - 2015-05-25 11:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{E71D18C5-71DF-4AA7-B428-39CD7A2DDBA3}2015-05-24 23:08 - 2015-05-24 23:08 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{D144978D-3187-4479-A82C-ADB43C10113B}2015-05-24 11:07 - 2015-05-24 11:07 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{235E64BE-D04A-44C3-836C-0CBCE003941D}2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{BB63F625-D151-49FB-9016-0F7E181DCFDB}2015-05-23 11:06 - 2015-05-23 11:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{1DF7316D-01C3-433D-9C80-684FF104037A}2015-05-22 15:10 - 2015-05-22 15:10 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-igxRSQcK.exe2015-05-22 15:09 - 2015-05-22 15:09 - 00000000 ____D C:\Program Files (x86)\Valassis2015-05-22 15:06 - 2015-05-22 15:06 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-VZqT1rla.exe2015-05-21 21:16 - 2015-05-21 21:16 - 00022839 _____ C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO.html2015-05-21 21:16 - 2015-05-21 21:16 - 00000000 ____D C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO_files2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe2015-05-21 16:32 - 2015-05-21 16:32 - 00001088 _____ C:\Users\Public\Desktop\OneSuite Phone.lnk2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSuite2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\Program Files (x86)\OneSuite2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup.exe2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup (1).exe2015-05-21 13:22 - 2015-05-21 13:22 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security2015-05-21 13:18 - 2015-05-21 13:18 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration2015-05-21 13:17 - 2015-05-21 13:17 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS2015-05-21 13:17 - 2015-05-21 13:17 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT2015-05-21 13:17 - 2015-05-21 13:17 - 00002470 _____ C:\Users\Public\Desktop\Norton Security.lnk2015-05-21 13:17 - 2015-05-21 13:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared2015-05-21 13:15 - 2015-05-21 13:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Windows\system32\Drivers\NSx642015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Program Files (x86)\Norton Security2015-05-21 12:56 - 2015-05-21 13:02 - 01445376 _____ C:\Users\NewDesktop_3_2010\Desktop\ID Safe BackUp.DAT2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (24).exe2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (23).exe2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (22).exe2015-05-18 14:20 - 2015-05-18 14:20 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP.zip2015-05-16 14:05 - 2015-05-16 14:05 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{ADE026BA-C1E9-460A-A563-849768108DA5}2015-05-13 03:03 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-05-13 03:03 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-05-13 00:46 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-05-13 00:46 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-05-13 00:46 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-05-13 00:46 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-05-13 00:46 - 2015-04-10 12:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-05-13 00:46 - 2015-04-10 12:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-05-13 00:46 - 2015-04-10 12:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-05-13 00:46 - 2015-04-10 12:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-05-13 00:46 - 2015-04-10 12:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-05-13 00:46 - 2015-04-10 12:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-05-13 00:46 - 2015-04-10 12:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-05-13 00:46 - 2015-04-10 12:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-05-13 00:46 - 2015-04-10 12:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-05-13 00:46 - 2015-04-10 12:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-05-13 00:46 - 2015-04-10 12:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-05-13 00:46 - 2015-04-10 12:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2015-05-13 00:46 - 2015-04-10 12:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-05-13 00:46 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-05-13 00:46 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-05-13 00:46 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-05-13 00:46 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-05-13 00:46 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-05-13 00:46 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-05-13 00:46 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-05-13 00:46 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2015-05-13 00:46 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-05-13 00:46 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-05-13 00:46 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-05-13 00:46 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2015-05-13 00:46 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2015-05-13 00:46 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2015-05-13 00:45 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-05-13 00:45 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-05-13 00:45 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-05-13 00:45 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-05-13 00:45 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll2015-05-13 00:45 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-05-13 00:45 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-05-13 00:45 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-05-13 00:45 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe2015-05-13 00:45 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-05-13 00:45 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-05-13 00:45 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-05-13 00:45 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-05-13 00:45 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-05-13 00:45 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2015-05-13 00:45 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-05-13 00:45 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-05-13 00:45 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-05-13 00:45 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-05-13 00:45 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-05-13 00:45 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-05-13 00:45 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-05-13 00:45 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe2015-05-13 00:45 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-05-13 00:45 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll2015-05-13 00:45 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-05-13 00:45 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-05-13 00:45 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-05-13 00:45 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-05-13 00:45 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe2015-05-13 00:44 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-05-13 00:44 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-05-13 00:44 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-05-13 00:44 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-05-13 00:44 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-05-13 00:44 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-05-13 00:44 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-05-13 00:44 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2015-05-13 00:44 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2015-05-13 00:44 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe2015-05-13 00:44 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe2015-05-13 00:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll2015-05-13 00:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll2015-05-13 00:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe2015-05-13 00:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll2015-05-13 00:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll2015-05-13 00:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll2015-05-13 00:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe2015-05-12 18:17 - 2015-05-12 18:17 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (16).exe2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (15).exe2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (14).exe2015-05-12 12:52 - 2015-05-12 12:53 - 00003684 _____ C:\Users\NewDesktop_3_2010\Downloads\OPTIONSHOUSE_2015_TRANSACTIONS_AccountHistoryReport.csv2015-05-12 12:28 - 2015-05-12 12:29 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\Garmin_Ltd._or_its_subsid2015-05-12 12:26 - 2015-05-12 12:26 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask2015-05-12 12:26 - 2015-05-12 12:26 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk2015-05-12 12:26 - 2015-05-12 12:26 - 00000000 ____D C:\ProgramData\Garmin2015-05-12 12:21 - 2015-05-12 12:22 - 41023360 _____ (Garmin Ltd or its subsidiaries) C:\Users\NewDesktop_3_2010\Downloads\GarminExpress.exe2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport.csv2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport (1).csv ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 13:27 - 2014-10-12 11:57 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job2015-06-08 12:56 - 2014-02-19 11:46 - 00000000 ____D C:\FRST2015-06-08 12:49 - 2013-05-02 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-06-08 12:48 - 2011-02-21 11:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-06-08 12:29 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-06-08 12:29 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-06-08 11:27 - 2014-10-12 11:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job2015-06-08 10:45 - 2014-12-28 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-08 10:17 - 2015-01-25 18:38 - 00000312 _____ C:\Windows\Tasks\NUAutoUpdate.job2015-06-08 10:17 - 2010-03-15 22:23 - 00000000 ____D C:\ProgramData\TEMP2015-06-08 10:16 - 2013-10-28 09:48 - 00000095 _____ C:\Users\NewDesktop_3_2010\.accessibility.properties2015-06-08 10:16 - 2011-02-21 11:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-06-08 10:16 - 2010-03-16 21:13 - 00000000 ____D C:\Users\NewDesktop_3_20102015-06-08 10:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-06-08 03:00 - 2015-02-10 12:23 - 00000354 _____ C:\Windows\Tasks\SpeedDiskSchedule.job2015-06-07 22:11 - 2012-12-17 21:57 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EC003F4-3A64-4D9A-B092-891289AE3404}2015-06-07 18:00 - 2012-11-07 15:21 - 00000490 _____ C:\Windows\Tasks\ParetoLogic Registration.job2015-06-07 10:41 - 2010-07-27 16:45 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\NPE2015-06-07 09:27 - 2015-02-25 16:38 - 00000306 _____ C:\Windows\Tasks\NUSchedule.job2015-06-07 09:27 - 2015-01-25 20:00 - 00074710 _____ C:\Windows\SysWOW64\AppLog.log2015-06-07 09:27 - 2015-01-25 18:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 162015-06-06 16:07 - 2012-02-09 18:00 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet2015-06-05 11:42 - 2012-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Avanquest update2015-06-05 11:42 - 2010-03-10 06:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2015-06-05 03:02 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser2015-06-05 03:02 - 2014-04-24 12:24 - 00000000 ___SD C:\Windows\system32\CompatTel2015-06-03 12:35 - 2010-04-07 08:42 - 09903104 ____R C:\Users\Public\Documents\ESBK.mbb2015-06-03 12:35 - 2010-04-07 08:42 - 04922368 ____R C:\Users\Public\Documents\ESBK.mb2015-06-02 08:39 - 2013-02-02 13:02 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler2015-06-02 08:39 - 2013-01-26 13:59 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program2015-06-02 07:54 - 2013-01-26 13:41 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 20122015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-27 09:18 - 2014-05-31 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype2015-05-27 08:49 - 2009-07-13 22:34 - 87031808 _____ C:\Windows\system32\config\software.rmbak2015-05-27 08:49 - 2009-07-13 22:34 - 00532480 _____ C:\Windows\system32\config\default.rmbak2015-05-27 08:35 - 2015-03-14 09:52 - 01093632 _____ C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr2015-05-27 08:35 - 2014-01-22 17:11 - 00000000 ____D C:\Users\Administrator2015-05-26 16:59 - 2013-05-03 11:55 - 00000000 ____D C:\Program Files\CCleaner2015-05-25 17:16 - 2010-04-24 09:40 - 00000424 _____ C:\Windows\Tasks\EasyShare Registration Task.job2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\ProgramData\Norton2015-05-21 13:13 - 2012-02-11 19:10 - 00001309 _____ C:\Users\NewDesktop_3_2010\Desktop\Norton Installation Files.lnk2015-05-21 13:13 - 2010-03-15 22:09 - 00000000 ____D C:\Users\Public\Downloads\Norton2015-05-18 08:51 - 2013-05-14 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2015-05-16 14:08 - 2009-07-14 01:13 - 00862872 _____ C:\Windows\system32\PerfStringBackup.INI2015-05-16 13:43 - 2011-02-21 11:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-16 13:43 - 2011-02-21 11:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-15 11:21 - 2014-10-12 11:57 - 00003950 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA2015-05-15 11:21 - 2014-10-12 11:57 - 00003554 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core2015-05-13 04:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-05-13 03:49 - 2009-07-14 00:45 - 00340480 _____ C:\Windows\system32\FNTCACHE.DAT2015-05-13 03:44 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal2015-05-13 03:20 - 2013-08-08 12:56 - 00000000 ____D C:\Windows\system32\MRT2015-05-13 03:08 - 2010-04-15 07:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-05-13 03:03 - 2013-04-04 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-05-12 12:28 - 2013-01-26 12:49 - 00000000 ____D C:\Program Files\DIFX2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Garmin2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Program Files (x86)\Garmin2015-05-12 12:26 - 2013-01-26 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin2015-05-12 12:25 - 2012-11-20 23:32 - 00000000 ____D C:\ProgramData\Package Cache ==================== Files in the root of some directories ======= 2010-03-17 18:43 - 2015-04-14 20:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat2014-05-25 01:04 - 2014-05-25 01:04 - 0893239 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\a.zip2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll2013-12-13 08:35 - 2013-12-13 08:36 - 0007605 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg2011-10-16 14:03 - 2011-10-16 14:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F}2011-08-10 22:57 - 2011-08-10 22:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD}2012-04-11 18:44 - 2012-04-13 09:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-04 01:15 ==================== End of log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 9, 2015 Root Admin ID:968151 Share Posted June 9, 2015 I will go ahead and take over this topic per request. Please go ahead and run through the following steps and post back the logs when ready. STEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts.Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.The tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next reply messageWhen completed make sure to re-enable your antivirusSTEP 05Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.STEP 06Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... linkOpen up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats foundOnce completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.STEP 07Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is untickedClick on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick ScanWait for the scan to finishIf any threats were found, click the 'List of found threats' , then click Export to text file....Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 08Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer.Press the Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
yosoy4ever Posted June 9, 2015 Author ID:968185 Share Posted June 9, 2015 Hello..I ran the JRT in step 4 above and it SAVED the jrt.txt file to my desktop and I saw that MANY files had been deleted - BUT THEN when I went in to download the Adwcleaner in step 5 - SOMEHOW the jrt ran AGAIN, and in the MIDST of it running I had a brown out electrical disruption to my home and my pc rebooted and when I went in to go to step 5 - I saw that the jrt.txt log WAS GONE from my desktop and when I went into the search box after going to the bottom left windows globe...it was not there either ! So I ran the jrt all OVER AGAIN, and I got back the CLEAN log which I show you here !! Now I will go back and perform the OTHER STEPS you have outlined and will get back to you shortly. thank you, and please let me know if having done STEP 4 the second time did not screw us up !! Susan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.9.1 (06.08.2015:1)OS: Windows 7 Home Premium x64Ran by NewDesktop_3_2010 on Tue 06/09/2015 at 10:13:34.55~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Chrome [C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 06/09/2015 at 10:23:25.08End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
yosoy4ever Posted June 9, 2015 Author ID:968187 Share Posted June 9, 2015 I cannot run AdwCleaner...get when I try to run it and it says a problem caused it to shut down and Windows is working on a solution and will get back to me once a solution is found ? I disbled my Norton firewall and anti virus protection and get the SAME error pop up ? what do I do next to get Step 5 to work or should I go on to step 6 ? please advise. thanks, Susan Link to post Share on other sites More sharing options...
yosoy4ever Posted June 9, 2015 Author ID:968231 Share Posted June 9, 2015 I skipped number 5 since I was having trouble with it, and here are the two text files for STEP 6: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/9/2015 Scan Time: 2:07:26 PM Logfile: malwarebytes 6 9 2015 text file.txt Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.06.09.04 Rootkit Database: v2015.06.02.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: NewDesktop_3_2010 Scan Type: Threat Scan Result: Completed Objects Scanned: 553350 Time Elapsed: 2 hr, 8 min, 15 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Malwarebytes Anti-Malware www.malwarebytes.org Error, 6/9/2015 9:06:25 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13, Protection, 6/9/2015 9:06:25 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping, Protection, 6/9/2015 9:06:25 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped, Error, 6/9/2015 10:48:46 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13, Protection, 6/9/2015 10:48:46 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping, Protection, 6/9/2015 10:48:46 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped, Update, 6/9/2015 2:05:00 PM, SYSTEM, NEWDESKTOP_3_10, Manual, Malware Database, 2015.6.8.3, 2015.6.9.4, Scan, 6/9/2015 4:16:04 PM, SYSTEM, NEWDESKTOP_3_10, Manual, Start:6/9/2015 2:07:26 PM, Duration:2 hr 8 min 15 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, (end) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2015 Root Admin ID:968270 Share Posted June 10, 2015 Well a power outage is not a good thing for any computer to reboot from. I had one actually just the other day and it ended up corrupting the controller front panel board and I had to replace it from Dell.Please click on START and type in CMD.EXE and wait for it to show on your menu. When it does then using the mouse right click over it and choose "Run as administrator" then type the following exactly. CHKDSK C: /RThen it will tell you that it cannot lock the drive and ask if you want to run it after a restart. Press the Y key and the Enter key and then restart your computer to let it run. C:\>chkdsk c: /RThe type of the file system is NTFS.Cannot lock current drive.Chkdsk cannot run because the volume is in use by anotherprocess. Would you like to schedule this volume to bechecked the next time the system restarts? (Y/N) On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8 When the disk check is done then please copy the results from the Event Log here on your next reply. How to access it is in the link above. Once that's done then you'll need to find your copy of AdAware Cleaner and delete it. Then temporarily disable your antivirus and download a new copy of AdwCleaner and save it to your desktop and quit your Browser. Then find the downloaded file and right click over it and choose "Run as administrator" to run it. Once done with the "clean" it should restart the computer again. Make sure your antivirus is then re-enabled if it did not do so on its' own. So basically follow STEP 5 again after reboot and make sure antivirus is disabled. Thanks Link to post Share on other sites More sharing options...
yosoy4ever Posted June 10, 2015 Author ID:968302 Share Posted June 10, 2015 Here are STEP 7 results which identified 18 files. It took SEVERAL HOURS to run this ESET scan. C:\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 225330.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 477364.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170@2015-03-31T19;37;06.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 80959.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 827091.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application Link to post Share on other sites More sharing options...
yosoy4ever Posted June 10, 2015 Author ID:968305 Share Posted June 10, 2015 here are the TWO logs for STEP 8 scans: C:\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 225330.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 477364.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170@2015-03-31T19;37;06.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 80959.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 827091.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015 Ran by NewDesktop_3_2010 at 2015-06-10 01:57:18 Running from C:\Users\NewDesktop_3_2010\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled) NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft) CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant) CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell) Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc) Elevated Installer (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.) Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET) IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - ) IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - ) IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech) Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company) Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.) LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - ) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony) Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony) Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.) Meter Drivers for OneTouch® Software (x32 Version: 1.10.0.0 - LifeScan) Hidden Meter Drivers for OneTouch® Software (x32 Version: 1.9.1.0 - LifeScan) Hidden Meter Drivers for OneTouch® Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation) Norton Security (HKLM-x32\...\NS) (Version: 22.2.0.31 - Symantec Corporation) Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation) novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland) OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden OneSuite Phone version 1.0.8.21 (HKLM-x32\...\{247969F9-4B17-47DB-9CDA-457D28BFAD9F}_is1) (Version: 1.0.8.21 - OneSuite Corporation) OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - ) oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - ) P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC) Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - ) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definit
Recommended Posts