Jump to content

PUP.OPTIONAL.MINDSPARK.A. seems to be causing severe slowdown of my PC


Recommended Posts

Hello..I have not been back to this forum in awhile, but the last few days MY PC HAS GOTTEN very slow and lethargic and takes a lot of time to get to ANY website.  I ran malewarebytes and found that a PUP.OPTIONAL.MINDSPARK.A seems to have infected my PC.  I put the results in quarantine.  I also ran SPYBOT and that seemed to find other maleware that Malewarebytes did not, e.g. CouponBar, FunWebProducts,W3i.IQ5.fraud, Casale Media, Burst Media, MediaPlex,DoubleClick.  Can you please help me to get rid of all this bad stuff and help me to get my PC running at a good speed ?  I await your instructions as to what I need to do.  thanks,  Susan  Tuesday  June 2, 2015 at 7:15 pm edst

Link to post
Share on other sites

Hello yosoy4ever! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Link to post
Share on other sites

Here is the frst.txt that MANIAC told me to send in ....... and I DID NOT SEE ANY ADDITION.TXT and when I searced for it it is nowhere to be found.is this possible ?  Please let me know what to do to GET YOU an addition.txt if I did something wrong...thanks, Susan

 

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 03-06-2015 13:55:49
Running from C:\Users\NewDesktop_3_2010\Downloads
Loaded Profiles: NewDesktop_3_2010 (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
( ) C:\Windows\System32\lxcycoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)
HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk [2014-01-22]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2013-05-02]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab
DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-03]
 
Chrome: 
=======
CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]
CHR Extension: (Bookmark Manager) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-21]
CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-10-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-31]
CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-05-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150602.001\IDSvia64.sys [684248 2015-05-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150602.039\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150602.039\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-05-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 13:54 - 2015-06-03 13:54 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe
2015-06-03 02:02 - 2015-06-03 02:02 - 00005864 _____ () C:\Windows\system32\cc_20150603_020213.reg
2015-06-02 16:29 - 2015-06-02 16:29 - 00285335 _____ () C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150602.zip
2015-06-02 08:40 - 2015-06-02 08:40 - 00003762 _____ () C:\Windows\System32\Tasks\ArcSoft Connect Daemon
2015-06-02 07:28 - 2015-06-02 15:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-06-02 07:28 - 2015-06-02 07:28 - 00001280 _____ () C:\Users\NewDesktop_3_2010\Desktop\Spybot - Search & Destroy.lnk
2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-06-02 07:26 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162 (1).exe
2015-06-02 07:25 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162.exe
2015-05-31 15:55 - 2015-06-03 13:47 - 00103516 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 15:54 - 2015-05-31 15:54 - 00081320 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-31 15:48 - 2015-05-31 15:50 - 00000000 ____D () C:\AdwCleaner
2015-05-31 15:42 - 2015-05-31 15:42 - 02223104 _____ () C:\Users\NewDesktop_3_2010\Downloads\adwcleaner_4.205.exe
2015-05-28 16:51 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-28 16:35 - 2015-05-28 16:35 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{A7EDB781-4C87-4C1B-93B8-2BC47871B562}
2015-05-28 15:17 - 2015-05-28 15:17 - 00015139 _____ () C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP (1).zip
2015-05-26 16:57 - 2015-05-26 16:57 - 06549184 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe
2015-05-25 11:09 - 2015-05-25 11:09 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{E71D18C5-71DF-4AA7-B428-39CD7A2DDBA3}
2015-05-24 23:08 - 2015-05-24 23:08 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{D144978D-3187-4479-A82C-ADB43C10113B}
2015-05-24 11:07 - 2015-05-24 11:07 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{235E64BE-D04A-44C3-836C-0CBCE003941D}
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{BB63F625-D151-49FB-9016-0F7E181DCFDB}
2015-05-23 11:06 - 2015-05-23 11:06 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{1DF7316D-01C3-433D-9C80-684FF104037A}
2015-05-23 10:33 - 2015-05-23 10:33 - 00048637 _____ () C:\Users\NewDesktop_3_2010\FABAR JAN 8 2015 SECOND RUN.txt
2015-05-23 10:32 - 2015-05-23 10:32 - 00050836 _____ () C:\Users\NewDesktop_3_2010\FABAR JAN 8 2015 FIRST RUN.txt
2015-05-23 10:31 - 2015-05-23 10:31 - 00001040 _____ () C:\Users\NewDesktop_3_2010\fixlist.txt
2015-05-22 15:10 - 2015-05-22 15:10 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-igxRSQcK.exe
2015-05-22 15:09 - 2015-05-22 15:09 - 00000000 ____D () C:\Program Files (x86)\Valassis
2015-05-22 15:06 - 2015-05-22 15:06 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-VZqT1rla.exe
2015-05-21 21:16 - 2015-05-21 21:16 - 00022839 _____ () C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO.html
2015-05-21 21:16 - 2015-05-21 21:16 - 00000000 ____D () C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO_files
2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe
2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe
2015-05-21 16:32 - 2015-05-21 16:32 - 00001088 _____ () C:\Users\Public\Desktop\OneSuite Phone.lnk
2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSuite
2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D () C:\Program Files (x86)\OneSuite
2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup.exe
2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup (1).exe
2015-05-21 13:22 - 2015-05-21 13:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security
2015-05-21 13:18 - 2015-05-21 13:18 - 00003216 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-05-21 13:17 - 2015-05-21 13:17 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-05-21 13:17 - 2015-05-21 13:17 - 00008214 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-05-21 13:17 - 2015-05-21 13:17 - 00002470 _____ () C:\Users\Public\Desktop\Norton Security.lnk
2015-05-21 13:17 - 2015-05-21 13:17 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-21 13:15 - 2015-05-21 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D () C:\Windows\system32\Drivers\NSx64
2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D () C:\Program Files (x86)\Norton Security
2015-05-21 12:56 - 2015-05-21 13:02 - 01445376 _____ () C:\Users\NewDesktop_3_2010\Desktop\ID Safe BackUp.DAT
2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (24).exe
2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (23).exe
2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (22).exe
2015-05-21 10:19 - 2015-05-21 10:36 - 00001046 _____ () C:\Users\NewDesktop_3_2010\Downloads\transcript.txt
2015-05-18 14:20 - 2015-05-18 14:20 - 00015139 _____ () C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP.zip
2015-05-16 14:05 - 2015-05-16 14:05 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\{ADE026BA-C1E9-460A-A563-849768108DA5}
2015-05-13 03:03 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:03 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 00:46 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 00:46 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 00:46 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 00:46 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 00:46 - 2015-04-10 12:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 00:46 - 2015-04-10 12:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 00:46 - 2015-04-10 12:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 00:46 - 2015-04-10 12:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 00:46 - 2015-04-10 12:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 00:46 - 2015-04-10 12:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 00:46 - 2015-04-10 12:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 00:46 - 2015-04-10 12:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 00:46 - 2015-04-10 12:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 00:46 - 2015-04-10 12:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 00:46 - 2015-04-10 12:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 00:46 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 00:46 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 00:46 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 00:46 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 00:46 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 00:46 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 00:46 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 00:46 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 00:46 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 00:46 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 00:45 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 00:45 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 00:45 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 00:45 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 00:45 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 00:45 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 00:45 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 00:45 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 00:45 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 00:45 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 00:45 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 00:45 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 00:45 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 00:45 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 00:45 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 00:45 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 00:45 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 00:45 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 00:45 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 00:44 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 00:44 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 00:44 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 00:44 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 00:44 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 00:44 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 00:44 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 00:44 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 00:44 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 00:44 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 00:44 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 00:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 00:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 00:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 00:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 00:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 00:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 00:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 18:17 - 2015-05-12 18:17 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (16).exe
2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (15).exe
2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (14).exe
2015-05-12 12:52 - 2015-05-12 12:53 - 00003684 _____ () C:\Users\NewDesktop_3_2010\Downloads\OPTIONSHOUSE_2015_TRANSACTIONS_AccountHistoryReport.csv
2015-05-12 12:28 - 2015-05-12 12:29 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\Garmin_Ltd._or_its_subsid
2015-05-12 12:26 - 2015-05-12 12:26 - 00003554 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-05-12 12:26 - 2015-05-12 12:26 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-05-12 12:26 - 2015-05-12 12:26 - 00000000 ____D () C:\ProgramData\Garmin
2015-05-12 12:21 - 2015-05-12 12:22 - 41023360 _____ (Garmin Ltd or its subsidiaries) C:\Users\NewDesktop_3_2010\Downloads\GarminExpress.exe
2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ () C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport.csv
2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ () C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport (1).csv
2015-05-08 08:29 - 2015-05-08 08:29 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-HzwVgEwY.exe
2015-05-07 20:13 - 2015-05-07 20:13 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-vSkdxTR1.exe
2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (5).exe
2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (4).exe
2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (3).exe
2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (2).exe
2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (1).exe
2015-05-06 19:57 - 2015-05-06 19:57 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64.exe
2015-05-04 17:44 - 2015-05-04 17:44 - 02811464 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\CouponPrinterCPS (3).exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 13:55 - 2014-02-19 11:46 - 00000000 ____D () C:\FRST
2015-06-03 13:55 - 2014-02-18 14:54 - 00026043 _____ () C:\Users\NewDesktop_3_2010\Downloads\FRST.txt
2015-06-03 13:48 - 2013-05-02 14:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 13:48 - 2011-02-21 11:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 13:48 - 2011-02-21 11:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 13:26 - 2014-10-12 11:57 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job
2015-06-03 12:35 - 2010-04-07 08:42 - 09903104 ____R () C:\Users\Public\Documents\ESBK.mbb
2015-06-03 12:35 - 2010-04-07 08:42 - 04922368 ____R () C:\Users\Public\Documents\ESBK.mb
2015-06-03 11:26 - 2014-10-12 11:57 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job
2015-06-03 09:26 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 09:26 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 09:23 - 2015-01-25 18:38 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2015-06-03 09:23 - 2013-10-28 09:48 - 00000095 _____ () C:\Users\NewDesktop_3_2010\.accessibility.properties
2015-06-03 09:23 - 2010-03-16 21:13 - 00000000 ____D () C:\Users\NewDesktop_3_2010
2015-06-03 09:23 - 2010-03-15 22:23 - 00000000 ____D () C:\ProgramData\TEMP
2015-06-03 09:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 18:00 - 2012-11-07 15:21 - 00000490 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-06-02 11:16 - 2015-01-25 18:44 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 16
2015-06-02 08:39 - 2013-02-02 13:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2015-06-02 08:39 - 2013-01-26 13:59 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2015-06-02 07:54 - 2013-01-26 13:41 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2012
2015-06-02 03:00 - 2015-02-10 12:23 - 00000354 _____ () C:\Windows\Tasks\SpeedDiskSchedule.job
2015-06-01 19:59 - 2014-12-28 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 19:22 - 2012-12-17 21:57 - 00004002 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EC003F4-3A64-4D9A-B092-891289AE3404}
2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 08:58 - 2015-02-25 16:38 - 00000306 _____ () C:\Windows\Tasks\NUSchedule.job
2015-05-31 08:58 - 2015-01-25 20:00 - 00074710 _____ () C:\Windows\SysWOW64\AppLog.log
2015-05-27 09:18 - 2014-05-31 13:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 08:49 - 2009-07-13 22:34 - 87031808 _____ () C:\Windows\system32\config\software.rmbak
2015-05-27 08:49 - 2009-07-13 22:34 - 00532480 _____ () C:\Windows\system32\config\default.rmbak
2015-05-27 08:35 - 2015-03-14 09:52 - 01093632 _____ () C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr
2015-05-27 08:35 - 2014-01-22 17:11 - 00000000 ____D () C:\Users\Administrator
2015-05-26 16:59 - 2013-05-03 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-25 17:16 - 2010-04-24 09:40 - 00000424 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2015-05-22 19:06 - 2012-02-09 18:00 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet
2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D () C:\ProgramData\Norton
2015-05-21 13:13 - 2012-02-11 19:10 - 00001309 _____ () C:\Users\NewDesktop_3_2010\Desktop\Norton Installation Files.lnk
2015-05-21 13:13 - 2010-03-15 22:09 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-05-18 08:51 - 2013-05-14 14:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 14:08 - 2009-07-14 01:13 - 00862872 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 13:43 - 2011-02-21 11:35 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 13:43 - 2011-02-21 11:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 11:21 - 2014-10-12 11:57 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA
2015-05-15 11:21 - 2014-10-12 11:57 - 00003554 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core
2015-05-13 04:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:49 - 2009-07-14 00:45 - 00340480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:44 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:20 - 2013-08-08 12:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:08 - 2010-04-15 07:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:03 - 2013-04-04 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 12:28 - 2013-01-26 12:49 - 00000000 ____D () C:\Program Files\DIFX
2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D () C:\Users\NewDesktop_3_2010\AppData\Roaming\Garmin
2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-05-12 12:26 - 2013-01-26 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-05-12 12:25 - 2012-11-20 23:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 19:59 - 2014-08-25 12:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-06 19:59 - 2014-08-25 12:24 - 00000000 ____D () C:\Program Files\Java
2015-05-06 19:53 - 2013-10-28 01:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-06 19:52 - 2010-03-10 06:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-06 19:49 - 2015-04-13 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-06 19:39 - 2011-11-29 09:56 - 00002037 _____ () C:\Users\NewDesktop_3_2010\Desktop\E-TRADE Pro.lnk
 
==================== Files in the root of some directories =======
 
2010-03-17 18:43 - 2015-04-14 20:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat
2014-05-25 01:04 - 2014-05-25 01:04 - 0893239 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\a.zip
2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll
2013-12-13 08:35 - 2013-12-13 08:36 - 0007605 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg
2011-10-16 14:03 - 2011-10-16 14:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F}
2011-08-10 22:57 - 2011-08-10 22:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD}
2012-04-11 18:44 - 2012-04-13 09:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 00:21
 
==================== End of log ============================
 
 

 

Link to post
Share on other sites

I finally found an addition.txt in my NOTEPAD, but it seems to be an OLD ONE that I think I ran back in January, 2015 when I had ANOTHER maleware problem ? Here it is below, let me know what to do or if I should re-run FABAR. thanks, Susan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2015

Ran by NewDesktop_3_2010 at 2015-01-10 11:43:07

Running from C:\Users\NewDesktop_3_2010\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AirDroid 3.0.2 (HKLM-x32\...\AirDroid) (Version: 3.0.2 - Sand Studio)

Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)

ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)

ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)

ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)

ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)

ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)

ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)

ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)

ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)

Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden

CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)

CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)

Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden

ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden

essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)

Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.)

Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET)

IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - )

IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - )

IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )

ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)

Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)

Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)

Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - )

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)

Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)

Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony)

Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)

Norton Utilities (HKLM-x32\...\Norton Utilities_is1) (Version: 14.5 - Symantec Corporation)

novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland)

OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

OneSuite Phone version 1.0.8.21 (HKLM-x32\...\{247969F9-4B17-47DB-9CDA-457D28BFAD9F}_is1) (Version: 1.0.8.21 - OneSuite Corporation)

oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - )

P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)

ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)

PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.)

Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - )

PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)

Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)

Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden

SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.200 - TuneUp Software)

TuneUp Utilities 2012 (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden

TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden

TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )

TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)

TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)

TurboTax Deluxe 2004 (HKLM-x32\...\TurboTax Deluxe 2004) (Version: - )

TurboTax Deluxe 2005 (HKLM-x32\...\TurboTax Deluxe 2005) (Version: - )

TurboTax Deluxe 2007 (HKLM-x32\...\TurboTax Deluxe 2007) (Version: - )

TurboTax Deluxe Deduction Maximizer 2006 (HKLM-x32\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - )

TurboTax ItsDeductible 2006 (HKLM-x32\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)

Twacker 64 (HKLM\...\{1220ED8B-4383-4AD8-8C8D-B39801DF58D3}) (Version: 2.0.1 - TWAIN Working Group)

VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)

VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )

Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-09 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06F5D0B8-77C6-496E-A8DD-BA6AE1253074} - System32\Tasks\{DD15EFC9-E0FB-4407-A27B-54FBD802206A} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] ()

Task: {0AD636A0-9C90-4384-906A-349CE863D196} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16

Task: {0B03CE8B-3380-4915-9413-0046E46F555A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {0DFB4D9D-2E37-4739-8DD5-D43D9F22C74F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {0F49EE9C-82AC-4750-8A30-A5FAB7442C04} - System32\Tasks\{2FFC9F47-8A84-47C8-946F-AD71D943D5EC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {19E33B81-6AC6-4F07-9F28-ABA930F5FC35} - System32\Tasks\{5D16388E-0F47-4E8B-8A3A-083704D8F977} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] ()

Task: {1DC2812C-13DF-43D6-B9A7-773FB601E505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)

Task: {2063A408-5C3D-4C82-99F8-0A407883B2A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-07] (AVAST Software)

Task: {21B4C4CF-7E9A-4918-9478-9B06D65E9A64} - System32\Tasks\{2F2DD988-9046-4D6D-A6AF-367DB9F1B4B6} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.)

Task: {2581E4DA-73FB-46CA-8CFF-E91223896777} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)

Task: {287EEC02-1DED-4B6B-BA15-DBFF56C8E754} - System32\Tasks\{39CE76CA-A8D9-4BC9-8BBC-6BD235E4B3EF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {2EA72069-9960-49C4-8E8A-0F7E8947ABA6} - System32\Tasks\{72CA87D4-B7D0-4568-8D70-4FB453AA42BA} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exe

Task: {2F6F4E97-72DC-4266-8006-19A1D865457C} - System32\Tasks\DISK CLEANUP => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)

Task: {32AE6E00-7117-499B-9DDA-DAF3A82050EE} - System32\Tasks\{E44CB91F-1D82-4E8F-85B1-E42E2C911234} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {3806A751-7493-4193-A4B8-B05FFAF16BDF} - System32\Tasks\{200D7197-5970-4169-A4F3-F345CC8452FB} => pcalua.exe -a C:\Users\NewDesktop_3_2010\Desktop\install_easyshare.exe -d C:\Users\NewDesktop_3_2010\Desktop

Task: {38BA02C0-C315-4737-B404-D388038D7622} - System32\Tasks\{AE0BB1A0-72F0-4E38-8C04-8031AB99F902} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

Task: {3E0EE7E3-7FD4-43C0-8BA1-8822E3EB9C17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)

Task: {4032A799-6ED8-42CA-B6A6-BFD792409F4E} - System32\Tasks\{052C4A68-22BF-4B73-9BC4-5F9A88CB2208} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3JPRFZF\20110310-003-i32[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {41E247AE-5646-4A06-82ED-9DB10B5186F9} - System32\Tasks\{F4F698A3-415F-418C-B509-0727AECB6579} => C:\Windows\twain_32\escndv\escndv.exe

Task: {447A36C9-50C2-4E45-AED0-44F74C90E5D7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)

Task: {44E9F06F-CE1F-4A35-8FF9-CE17EE1DFCE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {59939E4C-4ED7-4842-9E97-7C96A4F9A7FF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {5D5D921F-7BC2-4D8F-B928-428075DBCB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)

Task: {77C9B7B4-7E6C-4378-9FBB-818D7293373B} - System32\Tasks\Google Updater and Installer => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)

Task: {7BE14C5D-CBAE-4BFF-B406-31E9D1D134F1} - System32\Tasks\{E96EC095-071A-4865-8584-154D5CA9663C} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZEBFJTN\PDFConverterSetup[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {7DA37FC9-4B70-4104-9E19-C3AA226BCAE4} - System32\Tasks\{F9A1CC91-BCF5-493A-8B79-52B1A3A885B3} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe

Task: {811A7948-DF59-423C-A413-7597730A68BF} - System32\Tasks\{5B812AEE-82E3-44F3-B113-A31078F9ADF7} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ95BZHL\etradePro[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {82BC76BD-17D4-4580-BD21-3AC019CF5D6B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {867962EE-E055-4A07-92D4-289291D69FED} - System32\Tasks\{3EE07BC5-6785-43D6-8C29-988C7713618C} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools)

Task: {86BFC80C-CB31-4814-BC14-8CBAB5379F6B} - System32\Tasks\{FBBF8DFB-200C-4CE7-8343-A982E2F3C5E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe [2010-08-12] (Symantec Corporation)

Task: {8B5FA416-CD44-4E29-AD31-DE8CBBA8C7B3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)

Task: {8D39C46A-0D4E-4FC3-BCFE-FFC04B4DB97F} - System32\Tasks\{4870BE4F-5098-405E-A2E6-4BA94B64623B} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-05] (Intuit, Inc.)

Task: {92E2BE4F-5661-41CE-9125-6D0350DC68C2} - System32\Tasks\{82BBECFE-07EA-42FB-BC0F-41C21A4EAA7C} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

Task: {96A0F7C6-E7D4-4FBA-9E6A-DD565F1F112C} - System32\Tasks\{9C7F4169-49BC-4208-AC96-59EA3C25081F} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_1f8b2f\Setup.exe -c /APR-REMOVE

Task: {9D0456E8-8F92-44EF-BE22-0C09B05C982B} - System32\Tasks\{8096403C-ECD0-4C43-9BB6-44373E694CAE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {AAE95569-8449-4921-B7F1-B6765939C851} - System32\Tasks\CHECK DISK => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation)

Task: {AC00C3D9-0B84-44FE-8774-00330C4E1FC0} - System32\Tasks\{9836EE3C-E0D8-4292-B783-FB7C4CE84C52} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"

Task: {ACF7FB82-2298-4377-AF18-AC3DEEA4002F} - System32\Tasks\{0F75C653-2955-4F67-9A71-54A93DE4AFD0} => pcalua.exe -a C:\lexmark\drivers\3400\Setup.exe -d C:\lexmark\drivers\3400

Task: {AF43C1AD-5FB4-433A-A577-D9B02EC74D58} - System32\Tasks\{12BD2777-6770-4212-8E63-CD3A721F3F2F} => C:\Windows\twain_32\escndv\escndv.exe

Task: {AF7EF77C-3273-4B57-9637-ED0C047F58E4} - System32\Tasks\{A3285852-6708-457A-8B6F-8ABF8468183D} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools)

Task: {B484C23B-0289-480A-9B06-EC31C82B050B} - System32\Tasks\{E8619932-F191-4511-8042-210B0625E57B} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {B985710A-B0D4-4664-97B0-E916BD97E214} - System32\Tasks\{12A10945-3A63-456C-95FC-D7B2779E39B2} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R220849.zip\Setup.exe

Task: {B9E16D06-6528-4388-A08E-C5FDFC6061DC} - System32\Tasks\{86CE0476-35FA-4F34-8AEC-DF3B82128371} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools)

Task: {C0AAA828-2535-4174-9B99-5FC7AF4E6EE1} - System32\Tasks\{AB9D1BE6-0D13-459D-B61A-0368B050C8E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe [2010-08-12] (Symantec Corporation)

Task: {CA810F46-882E-43B4-8862-68C81B5BF193} - System32\Tasks\{D5A3ED5D-AA7F-4185-A839-051111E9D5E9} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALLYR477\epson12958[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {CC3FC713-2C39-42DA-9B52-02A86F3BFCB3} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns

Task: {D8C739D3-6AC8-4D2D-912B-A2D53425EB69} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)

Task: {E4E16228-5003-401C-892B-B63366A8968E} - System32\Tasks\{718BCC9E-6280-4FCF-B879-6DB95E977DE4} => C:\Windows\twain_32\escndv\escndv.exe

Task: {EF4862E3-615E-48EE-B09C-C8B3650C2076} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-28] (Adobe Systems Incorporated)

Task: {F3BE70BA-488A-4ECA-924D-3375E9705395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)

Task: {F5A602B7-9464-4497-A394-A700D16FCC3C} - System32\Tasks\{E3391F16-6964-49A8-930A-03BBC6384DEF} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\EasyShare Registration Task.job => ßåFï˜L‡oãµáFv<

sÀ €!ßÅ!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16NewDesktop_3_20180Þ

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

==================== Loaded Modules (whitelisted) =============

2014-01-22 16:44 - 2006-11-27 03:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll

2013-11-28 14:04 - 2013-11-24 12:56 - 03139072 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

2010-07-26 12:24 - 2010-07-26 12:24 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

2015-01-09 16:01 - 2015-01-09 16:01 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010901\algo.dll

2015-01-10 05:16 - 2015-01-10 05:16 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll

2010-03-23 18:33 - 2010-03-23 18:33 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll

2010-03-23 18:50 - 2010-03-23 18:50 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2010-03-27 14:36 - 2010-03-27 14:36 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

2010-03-27 14:36 - 2010-03-27 14:36 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2014-04-07 19:59 - 2014-04-07 19:59 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2013-06-18 08:30 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll

2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll

2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll

2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll

2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll

2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll

2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll

2010-10-29 15:01 - 2010-10-29 15:01 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll

2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll

2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll

2010-10-29 15:02 - 2010-10-29 15:02 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll

2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll

2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll

2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

2015-01-07 13:40 - 2015-01-07 13:40 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-12-12 06:50 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 06:50 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2010-07-26 12:25 - 2010-07-26 12:25 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll

2010-07-26 12:25 - 2010-07-26 12:25 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

2010-04-05 13:52 - 2010-04-05 13:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL

2015-01-06 15:43 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2015-01-06 15:43 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

2011-02-23 16:24 - 2011-02-23 16:24 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll

2011-02-23 16:23 - 2011-02-23 16:23 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll

2011-02-23 16:21 - 2011-02-23 16:21 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll

2011-02-23 16:19 - 2011-02-23 16:19 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll

2011-02-23 16:38 - 2011-02-23 16:38 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx

2011-02-23 16:15 - 2011-02-23 16:15 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll

2010-01-27 09:28 - 2010-04-24 08:47 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx

2010-01-27 08:43 - 2010-04-24 08:47 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll

2006-03-07 09:05 - 2010-04-24 08:47 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll

2011-02-23 16:37 - 2011-02-23 16:37 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx

2011-02-23 16:17 - 2011-02-23 16:17 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx

2011-02-23 17:00 - 2011-02-23 17:00 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx

2011-02-23 16:24 - 2011-02-23 16:24 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll

2011-02-23 16:15 - 2011-02-23 16:15 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll

2011-02-23 17:55 - 2011-02-23 17:55 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx

2009-09-28 20:19 - 2010-04-24 08:47 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll

2009-09-28 20:19 - 2010-04-24 08:47 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll

2009-09-28 20:20 - 2010-04-24 08:47 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll

2009-09-28 20:19 - 2010-04-24 08:47 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll

2009-09-28 20:21 - 2010-04-24 08:47 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll

2009-09-28 20:20 - 2010-04-24 08:47 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll

2009-09-28 20:21 - 2010-04-24 08:47 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll

2009-09-28 20:21 - 2010-04-24 08:47 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll

2010-01-27 09:54 - 2010-04-24 08:47 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx

2010-01-27 09:18 - 2010-04-24 08:47 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll

2011-02-23 16:36 - 2011-02-23 16:36 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll

2011-02-23 16:15 - 2011-02-23 16:15 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx

2011-02-23 14:25 - 2011-02-23 14:25 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll

2011-02-23 18:02 - 2011-02-23 18:02 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx

2011-02-23 17:01 - 2011-02-23 17:01 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx

2010-01-27 10:01 - 2010-04-24 08:47 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx

2011-02-23 16:55 - 2011-02-23 16:55 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll

2011-02-23 18:00 - 2011-02-23 18:00 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll

2011-02-23 16:16 - 2011-02-23 16:16 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll

2013-10-06 11:26 - 2013-10-06 11:26 - 00442368 _____ () C:\Windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.1.7323.4563__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll

2014-12-12 06:50 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

AlternateDataStreams: C:\Users\NewDesktop_3_2010\Downloads\Microsoft..how did I get this SPAM on my email -----FW Dear yosoy4ever Your second chance in life just arrived.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AERTFilters => 2

MSCONFIG\Services: NIS => 2

MSCONFIG\Services: SeagateDashboardService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: sprtsvc_DellSupportCenter => 2

MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start

MSCONFIG\startupreg: ANIWZCS2Service => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

MSCONFIG\startupreg: DellSystemDetect => C:\Users\NewDesktop_3_2010\AppData\Local\Apps\2.0\T8MZ2MDX.M6Y\TCMN94HH.7XT\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe

MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe"

MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

========================= Accounts: ==========================

Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled)

NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (01/10/2015 00:00:08 AM) (Source: Windows Backup) (EventID: 4104) (User: )

Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine GetProviderMgmtInterface. hr = 0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.

.

Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

].

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/09/2015 04:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: AcroRd32.exe, version: 11.0.10.32, time stamp: 0x547e9779

Faulting module name: IA32.api_unloaded, version: 0.0.0.0, time stamp: 0x547e960b

Exception code: 0xc0000005

Fault offset: 0x74556d28

Faulting process id: 0x2a4

Faulting application start time: 0xAcroRd32.exe0

Faulting application path: AcroRd32.exe1

Faulting module path: AcroRd32.exe2

Report Id: AcroRd32.exe3

Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8

Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8

Exception code: 0x40000015

Fault offset: 0x0008d1c0

Faulting process id: 0x1ba8

Faulting application start time: 0xPEV.exe0

Faulting application path: PEV.exe1

Faulting module path: PEV.exe2

Report Id: PEV.exe3

System errors:

=============

Error: (01/09/2015 06:09:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:

%%1058

Error: (01/09/2015 06:09:16 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/09/2015 06:04:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070422

Error: (01/09/2015 04:54:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:

%%1058

Error: (01/09/2015 04:51:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error:

%%1058

Error: (01/09/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/09/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).

Error: (01/09/2015 04:36:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070422

Error: (01/09/2015 04:36:38 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070422

Error: (01/09/2015 04:30:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:

=========================

Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 12292) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (01/10/2015 11:43:15 AM) (Source: VSS) (EventID: 13) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (01/10/2015 00:00:08 AM) (Source: Windows Backup) (EventID: 4104) (User: )

Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 8193) (User: )

Description: GetProviderMgmtInterface0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.

Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 12292) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/10/2015 00:00:08 AM) (Source: VSS) (EventID: 13) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/09/2015 04:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: AcroRd32.exe11.0.10.32547e9779IA32.api_unloaded0.0.0.0547e960bc000000574556d282a401d02c561de27b92C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeIA32.api64b6fe36-9849-11e4-accb-00256400cdd2

Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/09/2015 04:41:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/09/2015 04:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: PEV.exe0.0.0.04e06cfe8PEV.exe0.0.0.04e06cfe8400000150008d1c01ba801d02c52552ca979C:\ComboFix\PEV.exeC:\ComboFix\PEV.exe94ebd817-9845-11e4-accb-00256400cdd2

CodeIntegrity Errors:

===================================

Date: 2015-01-09 16:27:39.328

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-09 16:27:39.177

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-18 13:05:15.370

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-18 13:05:15.198

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-14 10:16:11.185

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-14 10:16:10.967

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 450 @ 2.20GHz

Percentage of memory in use: 77%

Total physical RAM: 4061.05 MB

Available physical RAM: 905.55 MB

Total Pagefile: 8120.29 MB

Available Pagefile: 3420.55 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:587.51 GB) (Free:530.32 GB) NTFS

Drive e: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:7.12 GB) FAT32

Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:901.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 58000000)

Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)

Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=587.5 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 7.2 GB) (Disk ID: 41AA157C)

Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

========================================================

Disk: 2 (Size: 931.5 GB) (Disk ID: E3FD5F1D)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Did you recognize these files?

2015-05-08 08:29 - 2015-05-08 08:29 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-HzwVgEwY.exe

2015-05-07 20:13 - 2015-05-07 20:13 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-vSkdxTR1.exe

Step 1

I notice that you are using more than one antivirus program.

  • Avast Free Antivirus
  • Norton Internet Security
This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them. I recommend you to keep Norton Internet Security. When you are ready, reboot your system.

Step 2

I saw some remnants from McAfee product. Please follow the instrutions from 2. Download and run the McAfee Consumer Product Removal (MCPR) tool:

https://service.mcafee.com/FAQDocument.aspx?id=TS101331

Step 3

Please update Malwarebytes Anti-Malware and perform a threat scan. Post the log file in your next reply here.

Step 4

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • fixlog log

fixlist.txt

Link to post
Share on other sites

Maniac...I am not sure you READ what I wrote above AND LOOKED AT THE DATE of the addition.txt file - is is BACK IN JANUARY, 2015 - when I had another maleware attack and got someone from the malewarebytes forum to help me FIX IT THEN I checked my c: drive and DO NOT FIND ANY AVAST OR McAFEE on my PC....they USE to be there, but are NO LONGER - so I CANNOT PERFORM STEPS one and two above. As regards to step 3 - I am currently running the malewarebytes threat scan AND WILL SEND YOU THE RESULTS IN ANOTHER REPLY WHEN IT IS COMPLETED - but when I did this the first time, that is when I found the PUP.Optional.Mindspark.A maleware and put it in QUARANTINE...when I ran a follow up Malewarebytes scan..it said all clear and nothing detected. My PC was still very slow and getting slower, so that is why I ran the SPYBOT and found ADDITIONAL maleware on my PC AND THAT IS WHEN I CONTACTED YOU. All this info was in what I wrote you above....so...........I have NOT performed Step 4 as you directed above, as I am not certain that what is in there AND "written specifically for my PC" - may screw up my PC even more if you are looking at my OLD addition.txt file. So please get back to me ASAP and tell me what to do NOW, AS MY PC IS STILL VERY SLOW and I am not certain that the malewarebytes scan is showing ALL THAT IS WRONG AND INFECTING MY PC. thank you. Susan Friday June 5, 2015 at 12:18 pm edst

Link to post
Share on other sites

Maniac: I went into my NOTEPAD and found "several files that were remnants of former Malewarebytes tech reps work" on ridding my PC of maleware back in 2013 and 2014 and 2015 and were NEVER REMOVED from the notepad - and realized THIS is why the addition.txt dated back to January, 2015 - so I deleted all these files from the NOTEPAD and ran FABAR again. Here is what was generated on this NEW scan - FRST.txt first:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015

Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 05-06-2015 16:06:25

Running from C:\Users\NewDesktop_3_2010\Downloads

Loaded Profiles: NewDesktop_3_2010 (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe

( ) C:\Windows\System32\lxcycoms.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe

(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe

(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe

(Microsoft Corporation) C:\Windows\System32\Locator.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe

(Logitech, Inc.) C:\Windows\LockStatusTray.exe

() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (5).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)

HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)

HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk [2014-01-22]

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2013-05-02]

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/

SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)

DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab

DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab

DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab

DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB

DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)

FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)

FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn [2015-06-05]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-05]

Chrome:

=======

CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]

CHR Extension: (Bookmark Manager) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]

CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-21]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]

CHR Extension: (Skype Click to Call) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-31]

CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-31]

CHR Extension: (Google Wallet) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]

CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-05-31]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)

R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)

R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )

R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( )

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)

R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)

S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)

R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150604.001\IDSvia64.sys [684248 2015-05-25] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150604.032\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150604.032\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)

S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)

R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]

R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-05-21] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-10] (TuneUp Software)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 16:06 - 2015-06-05 16:06 - 00026244 _____ C:\Users\NewDesktop_3_2010\Downloads\FRST.txt

2015-06-05 16:05 - 2015-06-05 16:05 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (5).exe

2015-06-05 14:49 - 2015-06-05 14:49 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (4).exe

2015-06-05 02:55 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-06-05 02:55 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-06-05 02:55 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-06-05 02:55 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-06-05 02:55 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-06-05 02:55 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-06-05 02:55 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-06-05 02:55 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-06-04 00:45 - 2015-06-05 03:03 - 00047334 _____ C:\Windows\setupact.log

2015-06-04 00:45 - 2015-06-04 00:45 - 00000000 _____ C:\Windows\setuperr.log

2015-06-04 00:38 - 2015-06-04 00:38 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe

2015-06-03 15:35 - 2015-06-03 15:35 - 00285327 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150603.zip

2015-06-03 13:54 - 2015-06-03 13:54 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe

2015-06-03 02:02 - 2015-06-03 02:02 - 00005864 _____ C:\Windows\system32\cc_20150603_020213.reg

2015-06-02 16:29 - 2015-06-02 16:29 - 00285335 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150602.zip

2015-06-02 08:40 - 2015-06-02 08:40 - 00003762 _____ C:\Windows\System32\Tasks\ArcSoft Connect Daemon

2015-06-02 07:28 - 2015-06-02 15:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2015-06-02 07:28 - 2015-06-02 07:28 - 00001280 _____ C:\Users\NewDesktop_3_2010\Desktop\Spybot - Search & Destroy.lnk

2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2015-06-02 07:26 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162 (1).exe

2015-06-02 07:25 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162.exe

2015-05-31 15:55 - 2015-06-05 09:24 - 00175330 _____ C:\Windows\WindowsUpdate.log

2015-05-31 15:54 - 2015-05-31 15:54 - 00081320 _____ C:\Users\NewDesktop_3_2010\AppData\Local\GDIPFONTCACHEV1.DAT

2015-05-31 15:48 - 2015-05-31 15:50 - 00000000 ____D C:\AdwCleaner

2015-05-31 15:42 - 2015-05-31 15:42 - 02223104 _____ C:\Users\NewDesktop_3_2010\Downloads\adwcleaner_4.205.exe

2015-05-28 16:51 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

2015-05-28 16:35 - 2015-05-28 16:35 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{A7EDB781-4C87-4C1B-93B8-2BC47871B562}

2015-05-28 15:17 - 2015-05-28 15:17 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP (1).zip

2015-05-26 16:57 - 2015-05-26 16:57 - 06549184 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe

2015-05-25 11:09 - 2015-05-25 11:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{E71D18C5-71DF-4AA7-B428-39CD7A2DDBA3}

2015-05-24 23:08 - 2015-05-24 23:08 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{D144978D-3187-4479-A82C-ADB43C10113B}

2015-05-24 11:07 - 2015-05-24 11:07 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{235E64BE-D04A-44C3-836C-0CBCE003941D}

2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{BB63F625-D151-49FB-9016-0F7E181DCFDB}

2015-05-23 11:06 - 2015-05-23 11:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{1DF7316D-01C3-433D-9C80-684FF104037A}

2015-05-22 15:10 - 2015-05-22 15:10 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-igxRSQcK.exe

2015-05-22 15:09 - 2015-05-22 15:09 - 00000000 ____D C:\Program Files (x86)\Valassis

2015-05-22 15:06 - 2015-05-22 15:06 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-VZqT1rla.exe

2015-05-21 21:16 - 2015-05-21 21:16 - 00022839 _____ C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO.html

2015-05-21 21:16 - 2015-05-21 21:16 - 00000000 ____D C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO_files

2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe

2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe

2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe

2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe

2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe

2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe

2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe

2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe

2015-05-21 16:32 - 2015-05-21 16:32 - 00001088 _____ C:\Users\Public\Desktop\OneSuite Phone.lnk

2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSuite

2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\Program Files (x86)\OneSuite

2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup.exe

2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup (1).exe

2015-05-21 13:22 - 2015-05-21 13:22 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security

2015-05-21 13:18 - 2015-05-21 13:18 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration

2015-05-21 13:17 - 2015-05-21 13:17 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

2015-05-21 13:17 - 2015-05-21 13:17 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT

2015-05-21 13:17 - 2015-05-21 13:17 - 00002470 _____ C:\Users\Public\Desktop\Norton Security.lnk

2015-05-21 13:17 - 2015-05-21 13:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared

2015-05-21 13:15 - 2015-05-21 13:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security

2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Windows\system32\Drivers\NSx64

2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Program Files (x86)\Norton Security

2015-05-21 12:56 - 2015-05-21 13:02 - 01445376 _____ C:\Users\NewDesktop_3_2010\Desktop\ID Safe BackUp.DAT

2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (24).exe

2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (23).exe

2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (22).exe

2015-05-18 14:20 - 2015-05-18 14:20 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP.zip

2015-05-16 14:05 - 2015-05-16 14:05 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{ADE026BA-C1E9-460A-A563-849768108DA5}

2015-05-13 03:03 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-13 03:03 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-05-13 00:46 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-05-13 00:46 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-05-13 00:46 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-05-13 00:46 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-05-13 00:46 - 2015-04-10 12:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-05-13 00:46 - 2015-04-10 12:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-05-13 00:46 - 2015-04-10 12:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-05-13 00:46 - 2015-04-10 12:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-05-13 00:46 - 2015-04-10 12:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-05-13 00:46 - 2015-04-10 12:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-05-13 00:46 - 2015-04-10 12:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-05-13 00:46 - 2015-04-10 12:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-05-13 00:46 - 2015-04-10 12:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-05-13 00:46 - 2015-04-10 12:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-05-13 00:46 - 2015-04-10 12:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-05-13 00:46 - 2015-04-10 12:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-05-13 00:46 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-05-13 00:46 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-05-13 00:46 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-05-13 00:46 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-05-13 00:46 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-05-13 00:46 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-05-13 00:46 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2015-05-13 00:46 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-05-13 00:46 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-05-13 00:46 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-05-13 00:46 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-05-13 00:46 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-05-13 00:46 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-05-13 00:46 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2015-05-13 00:46 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2015-05-13 00:46 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2015-05-13 00:45 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-05-13 00:45 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-05-13 00:45 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-05-13 00:45 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-05-13 00:45 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-05-13 00:45 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-05-13 00:45 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe

2015-05-13 00:45 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-05-13 00:45 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-05-13 00:45 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-05-13 00:45 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-05-13 00:45 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-05-13 00:45 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-05-13 00:45 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-05-13 00:45 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-05-13 00:45 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2015-05-13 00:45 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2015-05-13 00:45 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2015-05-13 00:45 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-05-13 00:45 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-05-13 00:45 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-05-13 00:45 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-05-13 00:45 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-05-13 00:45 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-05-13 00:45 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2015-05-13 00:45 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-05-13 00:45 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-05-13 00:45 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-05-13 00:45 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-05-13 00:45 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-05-13 00:45 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-05-13 00:45 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2015-05-13 00:44 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-05-13 00:44 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-05-13 00:44 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-05-13 00:44 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-05-13 00:44 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2015-05-13 00:44 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-05-13 00:44 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-05-13 00:44 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-05-13 00:44 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-05-13 00:44 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2015-05-13 00:44 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2015-05-13 00:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll

2015-05-13 00:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll

2015-05-13 00:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe

2015-05-13 00:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll

2015-05-13 00:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll

2015-05-13 00:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll

2015-05-13 00:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe

2015-05-12 18:17 - 2015-05-12 18:17 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (16).exe

2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (15).exe

2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (14).exe

2015-05-12 12:52 - 2015-05-12 12:53 - 00003684 _____ C:\Users\NewDesktop_3_2010\Downloads\OPTIONSHOUSE_2015_TRANSACTIONS_AccountHistoryReport.csv

2015-05-12 12:28 - 2015-05-12 12:29 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\Garmin_Ltd._or_its_subsid

2015-05-12 12:26 - 2015-05-12 12:26 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask

2015-05-12 12:26 - 2015-05-12 12:26 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk

2015-05-12 12:26 - 2015-05-12 12:26 - 00000000 ____D C:\ProgramData\Garmin

2015-05-12 12:21 - 2015-05-12 12:22 - 41023360 _____ (Garmin Ltd or its subsidiaries) C:\Users\NewDesktop_3_2010\Downloads\GarminExpress.exe

2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport.csv

2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport (1).csv

2015-05-08 08:29 - 2015-05-08 08:29 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-HzwVgEwY.exe

2015-05-07 20:13 - 2015-05-07 20:13 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-vSkdxTR1.exe

2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (5).exe

2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (4).exe

2015-05-06 19:58 - 2015-05-06 20:00 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (3).exe

2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (2).exe

2015-05-06 19:58 - 2015-05-06 19:58 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64 (1).exe

2015-05-06 19:57 - 2015-05-06 19:57 - 43189344 _____ (Oracle Corporation) C:\Users\NewDesktop_3_2010\Downloads\jre-8u45-windows-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 16:06 - 2014-02-19 11:46 - 00000000 ____D C:\FRST

2015-06-05 15:48 - 2013-05-02 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-05 15:48 - 2011-02-21 11:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-05 15:26 - 2014-10-12 11:57 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job

2015-06-05 14:54 - 2010-03-16 21:13 - 00000000 ____D C:\Users\NewDesktop_3_2010

2015-06-05 13:51 - 2011-02-21 11:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-05 13:27 - 2014-12-28 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-05 11:42 - 2012-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Avanquest update

2015-06-05 11:42 - 2010-03-10 06:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-06-05 11:26 - 2014-10-12 11:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job

2015-06-05 09:19 - 2015-01-25 18:38 - 00000312 _____ C:\Windows\Tasks\NUAutoUpdate.job

2015-06-05 09:19 - 2010-03-15 22:23 - 00000000 ____D C:\ProgramData\TEMP

2015-06-05 09:18 - 2013-10-28 09:48 - 00000095 _____ C:\Users\NewDesktop_3_2010\.accessibility.properties

2015-06-05 03:11 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-05 03:11 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-05 03:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-05 03:02 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser

2015-06-05 03:02 - 2014-04-24 12:24 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-06-05 03:00 - 2015-02-10 12:23 - 00000354 _____ C:\Windows\Tasks\SpeedDiskSchedule.job

2015-06-04 18:00 - 2012-11-07 15:21 - 00000490 _____ C:\Windows\Tasks\ParetoLogic Registration.job

2015-06-03 12:35 - 2010-04-07 08:42 - 09903104 ____R C:\Users\Public\Documents\ESBK.mbb

2015-06-03 12:35 - 2010-04-07 08:42 - 04922368 ____R C:\Users\Public\Documents\ESBK.mb

2015-06-02 11:16 - 2015-01-25 18:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 16

2015-06-02 08:39 - 2013-02-02 13:02 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler

2015-06-02 08:39 - 2013-01-26 13:59 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program

2015-06-02 07:54 - 2013-01-26 13:41 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012

2015-05-31 19:22 - 2012-12-17 21:57 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EC003F4-3A64-4D9A-B092-891289AE3404}

2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-05-31 08:58 - 2015-02-25 16:38 - 00000306 _____ C:\Windows\Tasks\NUSchedule.job

2015-05-31 08:58 - 2015-01-25 20:00 - 00074710 _____ C:\Windows\SysWOW64\AppLog.log

2015-05-27 09:18 - 2014-05-31 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-05-27 08:49 - 2009-07-13 22:34 - 87031808 _____ C:\Windows\system32\config\software.rmbak

2015-05-27 08:49 - 2009-07-13 22:34 - 00532480 _____ C:\Windows\system32\config\default.rmbak

2015-05-27 08:35 - 2015-03-14 09:52 - 01093632 _____ C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr

2015-05-27 08:35 - 2014-01-22 17:11 - 00000000 ____D C:\Users\Administrator

2015-05-26 16:59 - 2013-05-03 11:55 - 00000000 ____D C:\Program Files\CCleaner

2015-05-25 17:16 - 2010-04-24 09:40 - 00000424 _____ C:\Windows\Tasks\EasyShare Registration Task.job

2015-05-22 19:06 - 2012-02-09 18:00 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet

2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\ProgramData\Norton

2015-05-21 13:13 - 2012-02-11 19:10 - 00001309 _____ C:\Users\NewDesktop_3_2010\Desktop\Norton Installation Files.lnk

2015-05-21 13:13 - 2010-03-15 22:09 - 00000000 ____D C:\Users\Public\Downloads\Norton

2015-05-18 08:51 - 2013-05-14 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-05-16 14:08 - 2009-07-14 01:13 - 00862872 _____ C:\Windows\system32\PerfStringBackup.INI

2015-05-16 13:43 - 2011-02-21 11:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-16 13:43 - 2011-02-21 11:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-15 11:21 - 2014-10-12 11:57 - 00003950 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA

2015-05-15 11:21 - 2014-10-12 11:57 - 00003554 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core

2015-05-13 04:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-05-13 03:49 - 2009-07-14 00:45 - 00340480 _____ C:\Windows\system32\FNTCACHE.DAT

2015-05-13 03:44 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal

2015-05-13 03:20 - 2013-08-08 12:56 - 00000000 ____D C:\Windows\system32\MRT

2015-05-13 03:08 - 2010-04-15 07:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-05-13 03:03 - 2013-04-04 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-05-12 12:28 - 2013-01-26 12:49 - 00000000 ____D C:\Program Files\DIFX

2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Garmin

2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Program Files (x86)\Garmin

2015-05-12 12:26 - 2013-01-26 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2015-05-12 12:25 - 2012-11-20 23:32 - 00000000 ____D C:\ProgramData\Package Cache

2015-05-06 19:59 - 2014-08-25 12:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-05-06 19:59 - 2014-08-25 12:24 - 00000000 ____D C:\Program Files\Java

2015-05-06 19:53 - 2013-10-28 01:46 - 00000000 ____D C:\ProgramData\Oracle

2015-05-06 19:52 - 2010-03-10 06:11 - 00000000 ____D C:\Program Files (x86)\Java

2015-05-06 19:49 - 2015-04-13 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-05-06 19:39 - 2011-11-29 09:56 - 00002037 _____ C:\Users\NewDesktop_3_2010\Desktop\E-TRADE Pro.lnk

==================== Files in the root of some directories =======

2010-03-17 18:43 - 2015-04-14 20:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat

2014-05-25 01:04 - 2014-05-25 01:04 - 0893239 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\a.zip

2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll

2013-12-13 08:35 - 2013-12-13 08:36 - 0007605 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg

2011-10-16 14:03 - 2011-10-16 14:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F}

2011-08-10 22:57 - 2011-08-10 22:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD}

2012-04-11 18:44 - 2012-04-13 09:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-04 01:15

==================== End of log ============================

Link to post
Share on other sites

Maniac: here is the NEW addition.txt scan results from today's scan - Friday, June 5, 2015: Please let ME KNOW what you want me to do next. Thank you for your continued HELP and I hope this NEW CURRENT SCAN RESULTS will aid you in figuring out what plagues my PC. Regards, Susan

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015

Ran by NewDesktop_3_2010 at 2015-06-05 16:10:17

Running from C:\Users\NewDesktop_3_2010\Downloads

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled)

NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)

ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)

ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)

ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)

ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)

ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)

ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)

ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)

CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden

CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)

CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)

CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)

Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

Elevated Installer (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden

EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden

ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden

essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden

Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)

Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.)

Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET)

IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - )

IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - )

IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )

ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit)

Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)

Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)

Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.)

LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)

Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - )

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)

Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)

Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony)

Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.)

Meter Drivers for OneTouch® Software (x32 Version: 1.10.0.0 - LifeScan) Hidden

Meter Drivers for OneTouch® Software (x32 Version: 1.9.1.0 - LifeScan) Hidden

Meter Drivers for OneTouch® Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)

Norton Security (HKLM-x32\...\NS) (Version: 22.2.0.31 - Symantec Corporation)

Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)

novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland)

OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

OneSuite Phone version 1.0.8.21 (HKLM-x32\...\{247969F9-4B17-47DB-9CDA-457D28BFAD9F}_is1) (Version: 1.0.8.21 - OneSuite Corporation)

OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - )

oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - )

P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)

ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)

PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.)

PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)

Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - )

PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)

Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)

Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden

SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.200 - TuneUp Software)

TuneUp Utilities 2012 (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden

TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.200 - TuneUp Software) Hidden

TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )

TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)

TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)

TurboTax Deluxe 2004 (HKLM-x32\...\TurboTax Deluxe 2004) (Version: - )

TurboTax Deluxe 2005 (HKLM-x32\...\TurboTax Deluxe 2005) (Version: - )

TurboTax Deluxe 2007 (HKLM-x32\...\TurboTax Deluxe 2007) (Version: - )

TurboTax Deluxe Deduction Maximizer 2006 (HKLM-x32\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - )

TurboTax ItsDeductible 2006 (HKLM-x32\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)

Twacker 64 (HKLM\...\{1220ED8B-4383-4AD8-8C8D-B39801DF58D3}) (Version: 2.0.1 - TWAIN Working Group)

VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)

VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )

Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

CustomCLSID: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-01-09 17:29 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {066B9166-C70A-40CB-83AE-904B64B52301} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2014-01-17] ()

Task: {06F5D0B8-77C6-496E-A8DD-BA6AE1253074} - System32\Tasks\{DD15EFC9-E0FB-4407-A27B-54FBD802206A} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] ()

Task: {0AD636A0-9C90-4384-906A-349CE863D196} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16

Task: {0F49EE9C-82AC-4750-8A30-A5FAB7442C04} - System32\Tasks\{2FFC9F47-8A84-47C8-946F-AD71D943D5EC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {19E33B81-6AC6-4F07-9F28-ABA930F5FC35} - System32\Tasks\{5D16388E-0F47-4E8B-8A3A-083704D8F977} => C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe [2009-05-01] ()

Task: {1DC2812C-13DF-43D6-B9A7-773FB601E505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)

Task: {2063A408-5C3D-4C82-99F8-0A407883B2A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: {21B4C4CF-7E9A-4918-9478-9B06D65E9A64} - System32\Tasks\{2F2DD988-9046-4D6D-A6AF-367DB9F1B4B6} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-06] (Intuit, Inc.)

Task: {2581E4DA-73FB-46CA-8CFF-E91223896777} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)

Task: {287EEC02-1DED-4B6B-BA15-DBFF56C8E754} - System32\Tasks\{39CE76CA-A8D9-4BC9-8BBC-6BD235E4B3EF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {2EA72069-9960-49C4-8E8A-0F7E8947ABA6} - System32\Tasks\{72CA87D4-B7D0-4568-8D70-4FB453AA42BA} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exe

Task: {2F6F4E97-72DC-4266-8006-19A1D865457C} - System32\Tasks\DISK CLEANUP => C:\Windows\System32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)

Task: {32AE6E00-7117-499B-9DDA-DAF3A82050EE} - System32\Tasks\{E44CB91F-1D82-4E8F-85B1-E42E2C911234} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {3806A751-7493-4193-A4B8-B05FFAF16BDF} - System32\Tasks\{200D7197-5970-4169-A4F3-F345CC8452FB} => pcalua.exe -a C:\Users\NewDesktop_3_2010\Desktop\install_easyshare.exe -d C:\Users\NewDesktop_3_2010\Desktop

Task: {38BA02C0-C315-4737-B404-D388038D7622} - System32\Tasks\{AE0BB1A0-72F0-4E38-8C04-8031AB99F902} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

Task: {396B2401-18BC-472A-893A-C787CB1602A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)

Task: {3E0EE7E3-7FD4-43C0-8BA1-8822E3EB9C17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)

Task: {4032A799-6ED8-42CA-B6A6-BFD792409F4E} - System32\Tasks\{052C4A68-22BF-4B73-9BC4-5F9A88CB2208} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3JPRFZF\20110310-003-i32[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {41E247AE-5646-4A06-82ED-9DB10B5186F9} - System32\Tasks\{F4F698A3-415F-418C-B509-0727AECB6579} => C:\Windows\twain_32\escndv\escndv.exe

Task: {447A36C9-50C2-4E45-AED0-44F74C90E5D7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)

Task: {44E9F06F-CE1F-4A35-8FF9-CE17EE1DFCE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

Task: {45599F81-2FA9-49B5-A0BD-43EE70B58749} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {533999ED-C610-465B-98B4-6B38B4FB844B} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-04-03] (Symantec)

Task: {59939E4C-4ED7-4842-9E97-7C96A4F9A7FF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {5D5D921F-7BC2-4D8F-B928-428075DBCB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)

Task: {75DA6122-A062-4AE5-85F0-8ACB068B205C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\WSCStub.exe [2015-04-01] (Symantec Corporation)

Task: {77C9B7B4-7E6C-4378-9FBB-818D7293373B} - System32\Tasks\Google Updater and Installer => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)

Task: {7B1D529E-7123-4E41-AA6E-6E8EAACBA10A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)

Task: {7BE14C5D-CBAE-4BFF-B406-31E9D1D134F1} - System32\Tasks\{E96EC095-071A-4865-8584-154D5CA9663C} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZEBFJTN\PDFConverterSetup[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {7DA37FC9-4B70-4104-9E19-C3AA226BCAE4} - System32\Tasks\{F9A1CC91-BCF5-493A-8B79-52B1A3A885B3} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe

Task: {811A7948-DF59-423C-A413-7597730A68BF} - System32\Tasks\{5B812AEE-82E3-44F3-B113-A31078F9ADF7} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ95BZHL\etradePro[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {867962EE-E055-4A07-92D4-289291D69FED} - System32\Tasks\{3EE07BC5-6785-43D6-8C29-988C7713618C} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools)

Task: {86BFC80C-CB31-4814-BC14-8CBAB5379F6B} - System32\Tasks\{FBBF8DFB-200C-4CE7-8343-A982E2F3C5E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe

Task: {8B5FA416-CD44-4E29-AD31-DE8CBBA8C7B3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)

Task: {8D39C46A-0D4E-4FC3-BCFE-FFC04B4DB97F} - System32\Tasks\{4870BE4F-5098-405E-A2E6-4BA94B64623B} => C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe [2008-03-06] (Intuit, Inc.)

Task: {92E2BE4F-5661-41CE-9125-6D0350DC68C2} - System32\Tasks\{82BBECFE-07EA-42FB-BC0F-41C21A4EAA7C} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

Task: {96A0F7C6-E7D4-4FBA-9E6A-DD565F1F112C} - System32\Tasks\{9C7F4169-49BC-4208-AC96-59EA3C25081F} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_1f8b2f\Setup.exe -c /APR-REMOVE

Task: {9D0456E8-8F92-44EF-BE22-0C09B05C982B} - System32\Tasks\{8096403C-ECD0-4C43-9BB6-44373E694CAE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {AAE95569-8449-4921-B7F1-B6765939C851} - System32\Tasks\CHECK DISK => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation)

Task: {AC00C3D9-0B84-44FE-8774-00330C4E1FC0} - System32\Tasks\{9836EE3C-E0D8-4292-B783-FB7C4CE84C52} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"

Task: {ACF7FB82-2298-4377-AF18-AC3DEEA4002F} - System32\Tasks\{0F75C653-2955-4F67-9A71-54A93DE4AFD0} => pcalua.exe -a C:\lexmark\drivers\3400\Setup.exe -d C:\lexmark\drivers\3400

Task: {AF42F048-C0C7-45FE-B1EC-A53027470CAA} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-26] (Microsoft Corporation)

Task: {AF43C1AD-5FB4-433A-A577-D9B02EC74D58} - System32\Tasks\{12BD2777-6770-4212-8E63-CD3A721F3F2F} => C:\Windows\twain_32\escndv\escndv.exe

Task: {AF7EF77C-3273-4B57-9637-ED0C047F58E4} - System32\Tasks\{A3285852-6708-457A-8B6F-8ABF8468183D} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools)

Task: {B484C23B-0289-480A-9B06-EC31C82B050B} - System32\Tasks\{E8619932-F191-4511-8042-210B0625E57B} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2010-08-16] (Microsoft Corporation)

Task: {B985710A-B0D4-4664-97B0-E916BD97E214} - System32\Tasks\{12A10945-3A63-456C-95FC-D7B2779E39B2} => pcalua.exe -a C:\Users\Administrator\AppData\Local\temp\Temp1_R220849.zip\Setup.exe

Task: {B9E16D06-6528-4388-A08E-C5FDFC6061DC} - System32\Tasks\{86CE0476-35FA-4F34-8AEC-DF3B82128371} => C:\Users\NewDesktop_3_2010\Desktop\TFC.exe [2014-02-18] (OldTimer Tools)

Task: {BA1FF7D9-A329-4098-B80C-F1B9A286BEBE} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)

Task: {C0AAA828-2535-4174-9B99-5FC7AF4E6EE1} - System32\Tasks\{AB9D1BE6-0D13-459D-B61A-0368B050C8E9} => C:\Program Files (x86)\Norton Utilities 14\nu.exe

Task: {CA810F46-882E-43B4-8862-68C81B5BF193} - System32\Tasks\{D5A3ED5D-AA7F-4185-A839-051111E9D5E9} => pcalua.exe -a "C:\Users\NewDesktop_3_2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALLYR477\epson12958[1].exe" -d C:\Users\NewDesktop_3_2010\Desktop

Task: {CBEB0860-B42A-487F-A00B-63B204D3DA32} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-05-07] ()

Task: {CC3FC713-2C39-42DA-9B52-02A86F3BFCB3} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns

Task: {D6BB517A-36E0-481D-9F39-DBC02E3B8492} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {D8C739D3-6AC8-4D2D-912B-A2D53425EB69} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)

Task: {DA32E81E-02F0-4042-908F-64AE15E8C519} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {E007B6CE-5360-4676-8718-577302FA59EB} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-04-03] (Symantec)

Task: {E4E16228-5003-401C-892B-B63366A8968E} - System32\Tasks\{718BCC9E-6280-4FCF-B879-6DB95E977DE4} => C:\Windows\twain_32\escndv\escndv.exe

Task: {EF4862E3-615E-48EE-B09C-C8B3650C2076} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-24] (Adobe Systems Incorporated)

Task: {EFDF39F2-DE1F-4EBA-A691-0D273D70D974} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\SymErr.exe [2015-02-25] (Symantec Corporation)

Task: {F3BE70BA-488A-4ECA-924D-3375E9705395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)

Task: {F5A602B7-9464-4497-A394-A700D16FCC3C} - System32\Tasks\{E3391F16-6964-49A8-930A-03BBC6384DEF} => C:\Program Files (x86)\ATT-SST\pcBrowser.exe

Task: {FC6DFFBA-69CB-43EC-9E59-5B273E945793} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\SymErr.exe [2015-02-25] (Symantec Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job => C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe

Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe

Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exeFC:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

Task: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-22 17:44 - 2006-11-27 04:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll

2010-07-26 13:24 - 2010-07-26 13:24 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

2010-03-23 19:33 - 2010-03-23 19:33 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll

2010-03-23 19:50 - 2010-03-23 19:50 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2010-03-27 15:36 - 2010-03-27 15:36 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

2010-03-27 15:36 - 2010-03-27 15:36 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2014-04-07 20:59 - 2014-04-07 20:59 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2013-06-18 09:30 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll

2010-07-26 13:25 - 2010-07-26 13:25 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll

2010-07-26 13:25 - 2010-07-26 13:25 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

2010-04-05 14:52 - 2010-04-05 14:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL

2015-01-06 16:43 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2015-01-06 16:43 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

2015-05-25 16:02 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1

AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

AlternateDataStreams: C:\Users\NewDesktop_3_2010\Downloads\Microsoft..how did I get this SPAM on my email -----FW Dear yosoy4ever Your second chance in life just arrived.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\dell.com -> dell.com

IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\intuit.com -> hxxps://ttlc.intuit.com

IE trusted site: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\turbotax.com -> hxxps://turbotax.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AERTFilters => 2

MSCONFIG\Services: NIS => 2

MSCONFIG\Services: SeagateDashboardService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: sprtsvc_DellSupportCenter => 2

MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start

MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

MSCONFIG\startupreg: ANIWZCS2Service =>

MSCONFIG\startupreg: DellSystemDetect => C:\Users\NewDesktop_3_2010\AppData\Local\Apps\2.0\T8MZ2MDX.M6Y\TCMN94HH.7XT\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe

MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe"

MSCONFIG\startupreg: Memeo AutoSync =>

MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

MSCONFIG\startupreg: Seagate Dashboard =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39BD6CA7-9CD1-48C1-95C2-10444ED618BF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{3FB76DFF-EBB9-4BA5-88CA-A6199C0C675F}] => (Allow) svchost.exe

FirewallRules: [{B522A32F-6301-45BF-8FBC-5461BC08CB91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

FirewallRules: [{CAC72440-BBB5-4475-A247-770AC3632843}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe

FirewallRules: [{42231713-5B92-49DB-902F-6DA081B9B605}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exe

FirewallRules: [{534517E8-E27B-4FC1-9500-18B94636FDD5}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\ttax.exe

FirewallRules: [{ECBB1604-6636-4DF5-A822-A029228C9AC0}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exe

FirewallRules: [{E255D111-1439-4DD2-8FE0-57BCA86A2A08}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2006\32bit\updatemgr.exe

FirewallRules: [{64BCD54E-B280-4429-8909-F2555F1B0AA9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{D9955E32-6C92-4D70-8CC6-C5C7278EF345}] => (Allow) LPort=2869

FirewallRules: [{2EC73EB3-D831-48E1-A91E-D84C9D2FA9D7}] => (Allow) LPort=1900

FirewallRules: [{99F55E0D-3635-4542-889F-6F6A4F8F3047}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe

FirewallRules: [{DF71FD38-ACC0-4DF7-8ACF-A56D52B79DDA}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe

FirewallRules: [{716F09CC-AB70-4AB4-8FE9-CD2F295A6954}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe

FirewallRules: [{5CF9E526-F3BA-4A62-A694-E530BE1E4812}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\ttax.exe

FirewallRules: [{14F8EC0D-4110-4AEB-BF0C-A5C8000291DB}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exe

FirewallRules: [{F703DADD-5004-4900-8C15-6FFEED46FB95}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2007\32bit\updatemgr.exe

FirewallRules: [{B3B99210-BCB7-4332-B3F2-668AFDCDF8F5}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{91813F2D-474C-49BF-BCD6-3266F1EAD0D0}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{C05BD69A-007C-4ECF-91FC-BB487BF68A2C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{1A9763F0-098A-48FE-A8CF-0C0C53D82ADC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{5A99AF40-76E7-4A62-988C-19AA8F44DAEE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{51189F90-43B2-4450-A804-9A6A04EE68FC}] => (Allow) LPort=135

FirewallRules: [{7F1D20C8-5F66-4EE0-8C92-16C981E1B69D}] => (Allow) LPort=5000

FirewallRules: [{ACA4F026-A28D-44CC-8DF4-FF0111238313}] => (Allow) LPort=5001

FirewallRules: [{5C94E9D1-9323-40C5-BFDB-135626390B9B}] => (Allow) LPort=5002

FirewallRules: [{B20C4E3A-DB0E-46AC-B1FE-E67B391B6000}] => (Allow) LPort=5003

FirewallRules: [{99D24B1D-1646-4C47-BB3D-0D60E7C8F5E4}] => (Allow) LPort=5004

FirewallRules: [{6E6A81C8-D294-4E5D-B64E-DC1879FF9393}] => (Allow) LPort=5005

FirewallRules: [{2F9F6FFF-333C-4C32-A9B2-339CC3603096}] => (Allow) LPort=5006

FirewallRules: [{AA724DE6-A804-4BE0-A2B3-574289B0C1A6}] => (Allow) LPort=5007

FirewallRules: [{EE3A7638-F2A4-4C6E-8799-81A3C4861571}] => (Allow) LPort=5008

FirewallRules: [{8DE1D6F9-8A84-4450-BB41-0BF07F5D6EF6}] => (Allow) LPort=5009

FirewallRules: [{33582DBA-10D9-4CAE-92B6-F109E39D9C3A}] => (Allow) LPort=5010

FirewallRules: [{25B8D8B0-7BA9-4DDF-8CE4-F0462DBB3695}] => (Allow) LPort=5011

FirewallRules: [{B034B884-53FE-4DFD-B658-BA1235362057}] => (Allow) LPort=5012

FirewallRules: [{D7B9B4D3-B6CC-4CB1-9265-D229D2907568}] => (Allow) LPort=5013

FirewallRules: [{A331D8FF-50F0-431A-823F-C757CB17BE88}] => (Allow) LPort=5014

FirewallRules: [{D630A0ED-AD2D-47B4-8352-358EFAA7031D}] => (Allow) LPort=5015

FirewallRules: [{61D8C58E-7372-4765-87FA-51DC63673637}] => (Allow) LPort=5016

FirewallRules: [{BDC1EE0B-115A-4695-959A-206BD35362F3}] => (Allow) LPort=5017

FirewallRules: [{31248A67-D96A-48F3-851E-B3DBABB5AAF9}] => (Allow) LPort=5018

FirewallRules: [{1F9EF8BF-FC9E-4139-94DA-1384E0B5A674}] => (Allow) LPort=5019

FirewallRules: [{EA8CD93D-07D7-441F-B0A2-C5F266FD51FC}] => (Allow) LPort=5020

FirewallRules: [{9F7B2D21-2AF5-4BEF-B954-EDE1C4960B44}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{C96262D6-1A02-4018-8EB6-1CA98B1A0983}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{E851DAD5-2E32-43A8-A79C-B3578489CCAF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe

FirewallRules: [{C98C6601-AD51-4B46-9E99-D19C8ABE9DE9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe

FirewallRules: [{8B0B5B9A-E3EC-4C80-9F58-377E1246D7C0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe

FirewallRules: [{32B68B37-E182-47A6-8A15-18C6DC75F9FD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\novaclp7.exe

FirewallRules: [{E5298305-3B14-4CD4-AD7E-0A93C06536C6}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{FD500E61-5AC5-4240-ADD7-444567DE867F}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{BF9BC9F7-B931-4C6E-8CB1-1BB831FD361F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe

FirewallRules: [{68A859B5-F375-4784-9B3A-41790D57C331}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe

FirewallRules: [{1415A36C-C099-4AD0-B573-FA2A85DC5F56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe

FirewallRules: [{6081BD0C-563F-407A-8A36-11FBE741F4B5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyjswx.exe

FirewallRules: [{63AF996B-8FFB-4A55-A79D-F7F7C92F565C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe

FirewallRules: [{33D46599-2F64-4615-8BA3-5A17DB0526EA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe

FirewallRules: [{B3093C7B-BBF8-4095-9DBC-693FF75DF6F5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe

FirewallRules: [{8E91EF87-2154-4164-B78C-935AE53EF8A9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcypswx.exe

FirewallRules: [{3A1D3E53-EBD2-4DA5-8636-59929CE8EF1C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe

FirewallRules: [{F6FBB5E3-5964-4F17-9DFB-EF36262A508A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe

FirewallRules: [{3D1A1F23-6558-47EA-9600-A0C665B03AAA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe

FirewallRules: [{334FD2A7-3449-40C3-9B5B-8E6D5F7E34A8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyserv.exe

FirewallRules: [{5F794FAD-852C-4C96-BE66-6B812903A2D3}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe

FirewallRules: [{86BC4F57-51F5-42D4-8186-7ADEED89A29E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe

FirewallRules: [{CC918DB6-4B31-479F-9A8A-484243AA0EBB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe

FirewallRules: [{D41DD74D-A95C-4152-9A80-ECCC1CA60280}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcytime.exe

FirewallRules: [{3A1A02A4-DF4F-4C48-BAA5-91E0B966BF19}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe

FirewallRules: [{92B82EB1-F80F-4FF2-BD72-EE4780C3D972}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe

FirewallRules: [{66197A5B-E56D-44D3-AFFE-A5927A3865D8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe

FirewallRules: [{60963516-DBB9-4EAD-83D4-ECD496EFEA43}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyupld.exe

FirewallRules: [{9AFAA52C-DE23-4AA2-9B94-4E671668D6B0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe

FirewallRules: [{B42C4B44-87D3-4F1D-9FBA-CB08800623C9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe

FirewallRules: [{412186F6-5C17-4038-8D63-8AF4C3FCDA02}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe

FirewallRules: [{1E734410-1944-4391-AAF0-253CC9D75951}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcyview.exe

FirewallRules: [{247CEFCA-B17B-442E-928C-763B6F93D6D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe

FirewallRules: [{9DC6AC26-C054-4BE4-9E75-AB85F83FFA62}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe

FirewallRules: [{33311D49-141F-4EB6-87AE-BB3DAA3D02D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe

FirewallRules: [{6231E27D-A48F-4D56-A254-2B59816D04CD}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcywavs.exe

FirewallRules: [{E9835CE7-640F-4B38-9D29-8348CC1C5069}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe

FirewallRules: [{0693A856-F226-4B4D-B3A1-AFF2315AB873}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe

FirewallRules: [{DAC41372-6679-4346-B0E3-A2B874218586}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe

FirewallRules: [{BC6BD50B-8B5B-4AED-AEC6-0F6BE79B8491}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe

FirewallRules: [{FBB1553F-BB9F-488F-B17A-1D894B6609FD}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe

FirewallRules: [{51BDF10D-FE9C-4600-B87F-D1D5ED446BBC}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe

FirewallRules: [{FA3CF106-DC17-4880-85FF-26F6D7B6EE8F}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe

FirewallRules: [{30196200-C55B-407C-9143-23814F0CE84C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lexocr.exe

FirewallRules: [{34698A92-E6E1-4093-BDFC-CA04D8B887A5}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe

FirewallRules: [{D73E2198-442D-4905-9841-2B97DA339B21}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe

FirewallRules: [{A143387F-26F2-4075-9AC7-CA7918464629}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe

FirewallRules: [{7D9CF289-1406-445B-A238-18FBB7E45454}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcylpx.exe

FirewallRules: [{1BBD768A-CAAC-4E56-966C-2EBCD3A6AFFA}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe

FirewallRules: [{C0CAC8C3-C70B-4CC7-A4A8-9303EF50487C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe

FirewallRules: [{FF2E75EB-2069-4AB4-A9EC-29FFD7B714F9}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe

FirewallRules: [{9AF29271-4789-4813-9CD9-0D77F3401464}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyserv.exe

FirewallRules: [{F515F20D-3156-4C6F-AB17-95FC65D4C23E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe

FirewallRules: [{8DB627B5-70EB-431F-9CE2-19D8F6A389AD}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe

FirewallRules: [{16BC1162-BCA3-43C3-8E63-84752BC52991}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe

FirewallRules: [{FA8B53C3-E338-44B3-BBB9-3A1B570DB4A5}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcytime.exe

FirewallRules: [{296C72C7-BDB7-45A6-98B3-5A5279E81229}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe

FirewallRules: [{36EBBA23-2055-4E1E-9AF2-220AC539C198}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe

FirewallRules: [{12770EA6-2435-4049-B1C2-083955AF65E3}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe

FirewallRules: [{DBD8CDCB-4AEC-4AF1-B68B-1F27A722B429}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyupld.exe

FirewallRules: [{6169B95B-1241-4A3E-AD1A-DD1906C05C81}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe

FirewallRules: [{AD7D045D-76AA-4B81-9EF5-178F8C0228AD}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe

FirewallRules: [{9F1699B2-5460-429F-B478-6C612EC4D046}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe

FirewallRules: [{6C6F4B07-A280-4FFD-97C7-86B2F7143D42}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyview.exe

FirewallRules: [{D604070C-99B7-44DF-8FB7-5175DFD41E2F}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe

FirewallRules: [{596969CD-4F3D-4FBF-AB01-64FD748F312B}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe

FirewallRules: [{42643BC1-17BD-490E-9888-04360A6DB6FF}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe

FirewallRules: [{25CC6A41-1A67-4C5C-80DC-64B0B365E858}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\pheditor.exe

FirewallRules: [{C360B30D-812F-4941-B2F4-0E0B8FED411E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe

FirewallRules: [{AA8D2B87-0C3C-45F6-8D08-9697D72E2142}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe

FirewallRules: [{B30D87AA-5401-49D1-B14A-B3DBEF18800D}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe

FirewallRules: [{6839B864-9CF5-4DCB-B7AF-D339A665A2E6}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe

FirewallRules: [{7B7F60D8-C9FE-4155-8E41-CCDF6BA92521}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{A835ECE9-7656-4A8C-A4DF-2C89E0D99F2C}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{5E69FBB8-97EA-481B-A3EA-0C336F815B2D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe

FirewallRules: [{248FD0B7-5628-4952-A9D6-F089EB986C9E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

FirewallRules: [{A148050A-81FC-44FD-A370-93D09F22D1C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

FirewallRules: [{4B6176DC-A4DF-4248-BD04-B53A3C8AD7E9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

FirewallRules: [{A463BD77-CBE2-4E8E-BE61-BF409D520279}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

FirewallRules: [{AF254E55-4E20-4672-B524-58C1806E1D75}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

FirewallRules: [{AB21F5E2-0AEA-423A-970C-7F14107F4813}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

FirewallRules: [{D422C96D-E0CE-4DA3-A981-0B3EF26CC54C}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

FirewallRules: [{367948ED-38C0-4620-9CA0-7DC68A0F466A}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

FirewallRules: [{B6AC7DBE-940F-424B-9817-BB6C363903D0}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

FirewallRules: [{06FEF072-C562-4D48-A5DF-8463FBFD65AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe

FirewallRules: [{8C7BA47C-8A1C-4459-96F6-8313680385AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{0C8A477A-2BF8-40AB-89AF-65717192011D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{CFB5F850-469D-4A6C-9A7D-F972E98030E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{F9AB3CEE-B7C5-4AFB-8327-33D93793268E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{2AD7E69E-0BDA-4EDA-8415-5DF074B586E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{170A22F6-1DED-4289-904C-883DE85874E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (06/05/2015 02:03:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 9.0.8112.16644, time stamp: 0x5527ea05

Faulting module name: MSHTML.dll, version: 9.0.8112.16644, time stamp: 0x5527ec3d

Exception code: 0xc0000005

Fault offset: 0x0029ad72

Faulting process id: 0x15cc

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (06/05/2015 01:06:07 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16644 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c8

Start Time: 01d09fb1c1a16a96

Termination Time: 7931

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (06/05/2015 01:05:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16644 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1334

Start Time: 01d09fb17fcbbaef

Termination Time: 8681

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

].

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/05/2015 01:20:40 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (06/05/2015 01:20:29 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

Error: (06/04/2015 01:16:24 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

System errors:

=============

Error: (06/05/2015 09:19:00 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070422

Error: (06/05/2015 03:03:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error:

%%1058

Error: (06/04/2015 09:08:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error:

%%1058

Error: (06/04/2015 07:29:47 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070422

Error: (06/04/2015 00:45:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error:

%%1058

Error: (06/03/2015 09:23:54 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070422

Error: (06/03/2015 09:18:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/03/2015 09:18:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (06/03/2015 09:18:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error:

%%1058

Error: (06/02/2015 09:59:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 43. The internal error state is 252.

Microsoft Office:

=========================

Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 12292) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (06/05/2015 04:10:21 PM) (Source: VSS) (EventID: 13) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (06/05/2015 02:03:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe9.0.8112.166445527ea05MSHTML.dll9.0.8112.166445527ec3dc00000050029ad7215cc01d09fb17fcca552C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll34510016-0bad-11e5-992d-00256400cdd2

Error: (06/05/2015 01:06:07 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.1664414c801d09fb1c1a16a967931C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (06/05/2015 01:05:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16644133401d09fb17fcbbaef8681C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 12292) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/05/2015 03:00:14 AM) (Source: VSS) (EventID: 13) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:

Obtain a callable interface for this provider

Obtaining provider management interface

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {00000000-0000-0000-0000-000000000000}

Snapshot Context: -1

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/05/2015 01:20:40 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (06/05/2015 01:20:29 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dllC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll2

Error: (06/04/2015 01:16:24 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

CodeIntegrity Errors:

===================================

Date: 2015-01-09 16:27:39.328

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-09 16:27:39.177

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-18 13:05:15.370

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-18 13:05:15.198

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-14 10:16:11.185

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-14 10:16:10.967

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 450 @ 2.20GHz

Percentage of memory in use: 65%

Total physical RAM: 4061.05 MB

Available physical RAM: 1391.7 MB

Total Pagefile: 8120.32 MB

Available Pagefile: 4678.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:587.51 GB) (Free:518.97 GB) NTFS

Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:874.44 GB) NTFS

Link to post
Share on other sites

Let's talk about McAfee again. You have remnants from this product. Follow the instructions here to download and run their uninstaller tool to find and clean their remnants:

Step 1

Please follow the instrutions from 2. Download and run the McAfee Consumer Product Removal (MCPR) tool:

https://service.mcafee.com/FAQDocument.aspx?id=TS101331

There are remnants from Avast too. So follow the instructions here:

https://www.avast.com/uninstall-utility

When you are done, please reboot your system.

Step 2

Please launch Malwarebytes Anti-Malware, update it and perform a threat scan. Post your log file.

Step 3

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • FRST log

fixlist.txt

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Error, 6/8/2015 9:58:53 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13, 

Protection, 6/8/2015 9:58:53 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping, 

Protection, 6/8/2015 9:58:53 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped, 

Error, 6/8/2015 10:16:19 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13, 

Protection, 6/8/2015 10:16:19 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping, 

Protection, 6/8/2015 10:16:19 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped, 

Update, 6/8/2015 10:45:41 AM, SYSTEM, NEWDESKTOP_3_10, Manual, Malware Database, 2015.6.5.3, 2015.6.8.3, 

Scan, 6/8/2015 12:21:25 PM, SYSTEM, NEWDESKTOP_3_10, Manual, Start:6/8/2015 10:45:48 AM, Duration:1 hr 35 min 37 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 

 

(end)

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/8/2015

Scan Time: 10:45:48 AM

Logfile: malware bytes page two of june 8 2015.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.06.08.03

Rootkit Database: v2015.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: NewDesktop_3_2010

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 553559

Time Elapsed: 1 hr, 35 min, 37 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

THERE WAS NO WAY TO MAKE THIS "RUN" - please advise asap. thanks, Susan

 

start
CloseProcesses:
Task: {2063A408-5C3D-4C82-99F8-0A407883B2A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {AC00C3D9-0B84-44FE-8774-00330C4E1FC0} - System32\Tasks\{9836EE3C-E0D8-4292-B783-FB7C4CE84C52} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe
2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe
2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
C:\Program Files\AVAST Software
C:\Program Files (x86)\McAfee
EmptyTemp:
end
Link to post
Share on other sites

HERE IS WHAT WAS I GENERATED TODAY - I will send it to you in this post and additional posts:  let me know what to do next.  thank you,  susan   mon. 6/8/2015 2:02 pm edst

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 08-06-2015 12:56:09
Running from C:\Users\NewDesktop_3_2010\Downloads
Loaded Profiles: NewDesktop_3_2010 &  (Available Profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
( ) C:\Windows\System32\lxcycoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe
(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)
HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Cloud Player] => C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk [2014-01-22]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2010-03-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk [2013-05-02]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll [2013-05-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab
DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\NewDesktop_3_2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\NewDesktop_3_2010\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4200233565-3368421019-1326646657-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\NewDesktop_3_2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn [2015-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-08]
 
Chrome: 
=======
CHR Profile: C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ShopAtHome.com) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2015-05-31]
CHR Extension: (Bookmark Manager) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Norton Identity Safe) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-31]
CHR Extension: (Hangouts) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-05-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [566192 2006-11-29] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150605.001\IDSvia64.sys [684248 2015-05-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150607.020\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150607.020\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-05-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 12:56 - 2015-06-08 13:12 - 00031003 _____ C:\Users\NewDesktop_3_2010\Downloads\FRST.txt
2015-06-08 12:40 - 2015-06-08 12:53 - 00002296 _____ C:\Users\NewDesktop_3_2010\Desktop\fixlist (1).txt
2015-06-08 12:39 - 2015-06-08 12:39 - 00002296 _____ C:\Users\NewDesktop_3_2010\Downloads\fixlist (1).txt
2015-06-08 12:38 - 2015-06-08 12:39 - 00002296 _____ C:\Users\NewDesktop_3_2010\Downloads\fixlist.txt
2015-06-08 12:37 - 2015-06-08 12:37 - 00001107 _____ C:\malware bytes page two of june 8 2015.txt
2015-06-08 12:31 - 2015-06-08 12:31 - 00000934 _____ C:\maleware bytes june 8 2015.txt
2015-06-08 10:15 - 2015-06-08 10:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-08 10:08 - 2015-06-08 10:09 - 05684904 _____ (Avast Software s.r.o.) C:\Users\NewDesktop_3_2010\Downloads\avastclear (2).exe
2015-06-08 09:58 - 2015-06-08 10:15 - 00005870 _____ C:\Windows\PFRO.log
2015-06-08 09:51 - 2015-06-08 09:51 - 04798416 _____ (McAfee, Inc.) C:\Users\NewDesktop_3_2010\Downloads\MCPR.exe
2015-06-07 09:47 - 2015-06-07 09:47 - 00000000 ____D C:\NPE
2015-06-07 09:44 - 2015-06-07 09:44 - 03060320 ____N (Symantec Corporation) C:\Users\NewDesktop_3_2010\Downloads\NPE.exe
2015-06-07 09:44 - 2015-06-07 09:44 - 03060320 _____ (Symantec Corporation) C:\Users\NewDesktop_3_2010\Downloads\NPE (2).exe
2015-06-07 09:44 - 2015-06-07 09:44 - 03060320 _____ (Symantec Corporation) C:\Users\NewDesktop_3_2010\Downloads\NPE (1).exe
2015-06-06 12:54 - 2015-06-06 13:05 - 00004592 _____ C:\Users\NewDesktop_3_2010\Desktop\output.txt
2015-06-06 12:53 - 2015-06-06 12:55 - 00000506 _____ C:\Users\NewDesktop_3_2010\Desktop\FrontierPingTest.bat
2015-06-06 12:53 - 2015-06-06 12:53 - 00000000 _____ C:\Users\NewDesktop_3_2010\Desktop\Frontier.txt
2015-06-06 12:40 - 2015-06-06 12:40 - 01478976 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (26).exe
2015-06-06 12:40 - 2015-06-06 12:40 - 01478976 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (25).exe
2015-06-05 17:27 - 2015-06-05 17:27 - 00061774 _____ C:\Users\NewDesktop_3_2010\Downloads\Nick - here is a copy of the NEW LEASE and cover letter for your review (1).zip
2015-06-05 17:26 - 2015-06-05 17:26 - 00061774 _____ C:\Users\NewDesktop_3_2010\Downloads\Nick - here is a copy of the NEW LEASE and cover letter for your review.zip
2015-06-05 02:55 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 02:55 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 02:55 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 02:55 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 02:55 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 02:55 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 02:55 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 02:55 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-04 00:45 - 2015-06-08 10:16 - 00110446 _____ C:\Windows\setupact.log
2015-06-04 00:45 - 2015-06-04 00:45 - 00000000 _____ C:\Windows\setuperr.log
2015-06-04 00:38 - 2015-06-04 00:38 - 02108928 _____ (Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (2).exe
2015-06-03 15:35 - 2015-06-03 15:35 - 00285327 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150603.zip
2015-06-03 02:02 - 2015-06-03 02:02 - 00005864 _____ C:\Windows\system32\cc_20150603_020213.reg
2015-06-02 16:29 - 2015-06-02 16:29 - 00285335 _____ C:\Users\NewDesktop_3_2010\Downloads\HealthSummary20150602.zip
2015-06-02 08:40 - 2015-06-02 08:40 - 00003762 _____ C:\Windows\System32\Tasks\ArcSoft Connect Daemon
2015-06-02 07:28 - 2015-06-02 15:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-02 07:28 - 2015-06-02 07:28 - 00001280 _____ C:\Users\NewDesktop_3_2010\Desktop\Spybot - Search & Destroy.lnk
2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-06-02 07:28 - 2015-06-02 07:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-06-02 07:26 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162 (1).exe
2015-06-02 07:25 - 2015-06-02 07:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\NewDesktop_3_2010\Downloads\spybotsd162.exe
2015-05-31 15:55 - 2015-06-08 12:35 - 00264447 _____ C:\Windows\WindowsUpdate.log
2015-05-31 15:54 - 2015-05-31 15:54 - 00081320 _____ C:\Users\NewDesktop_3_2010\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-31 15:48 - 2015-05-31 15:50 - 00000000 ____D C:\AdwCleaner
2015-05-31 15:42 - 2015-05-31 15:42 - 02223104 _____ C:\Users\NewDesktop_3_2010\Downloads\adwcleaner_4.205.exe
2015-05-28 16:51 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-28 16:35 - 2015-05-28 16:35 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{A7EDB781-4C87-4C1B-93B8-2BC47871B562}
2015-05-28 15:17 - 2015-05-28 15:17 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP (1).zip
2015-05-26 16:57 - 2015-05-26 16:57 - 06549184 _____ (Piriform Ltd) C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe
2015-05-25 11:09 - 2015-05-25 11:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{E71D18C5-71DF-4AA7-B428-39CD7A2DDBA3}
2015-05-24 23:08 - 2015-05-24 23:08 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{D144978D-3187-4479-A82C-ADB43C10113B}
2015-05-24 11:07 - 2015-05-24 11:07 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{235E64BE-D04A-44C3-836C-0CBCE003941D}
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{BB63F625-D151-49FB-9016-0F7E181DCFDB}
2015-05-23 11:06 - 2015-05-23 11:06 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{1DF7316D-01C3-433D-9C80-684FF104037A}
2015-05-22 15:10 - 2015-05-22 15:10 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-igxRSQcK.exe
2015-05-22 15:09 - 2015-05-22 15:09 - 00000000 ____D C:\Program Files (x86)\Valassis
2015-05-22 15:06 - 2015-05-22 15:06 - 02166416 _____ (Valassis) C:\Users\NewDesktop_3_2010\Downloads\P@H_prod308-VZqT1rla.exe
2015-05-21 21:16 - 2015-05-21 21:16 - 00022839 _____ C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO.html
2015-05-21 21:16 - 2015-05-21 21:16 - 00000000 ____D C:\Users\NewDesktop_3_2010\Downloads\Invoke Solutions may 21 2015 forum for one hundred sixty five dollars for one and a half hour online forum participation by EJO_files
2015-05-21 17:40 - 2015-05-21 17:40 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (9).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (8).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (7).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (6).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (5).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (4).exe
2015-05-21 17:36 - 2015-05-21 17:36 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (3).exe
2015-05-21 17:35 - 2015-05-21 17:35 - 02810576 _____ (Coupons.com Incorporated) C:\Users\NewDesktop_3_2010\Downloads\couponprinter (2).exe
2015-05-21 16:32 - 2015-05-21 16:32 - 00001088 _____ C:\Users\Public\Desktop\OneSuite Phone.lnk
2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSuite
2015-05-21 16:32 - 2015-05-21 16:32 - 00000000 ____D C:\Program Files (x86)\OneSuite
2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup.exe
2015-05-21 16:31 - 2015-05-21 16:31 - 10951142 _____ (OneSuite Corporation ) C:\Users\NewDesktop_3_2010\Downloads\ospsetup (1).exe
2015-05-21 13:22 - 2015-05-21 13:22 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-05-21 13:18 - 2015-05-21 13:18 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-05-21 13:17 - 2015-05-21 13:17 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-05-21 13:17 - 2015-05-21 13:17 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-05-21 13:17 - 2015-05-21 13:17 - 00002470 _____ C:\Users\Public\Desktop\Norton Security.lnk
2015-05-21 13:17 - 2015-05-21 13:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-05-21 13:15 - 2015-05-21 13:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-05-21 12:56 - 2015-05-21 13:02 - 01445376 _____ C:\Users\NewDesktop_3_2010\Desktop\ID Safe BackUp.DAT
2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (24).exe
2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (23).exe
2015-05-21 11:29 - 2015-05-21 11:29 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (22).exe
2015-05-18 14:20 - 2015-05-18 14:20 - 00015139 _____ C:\Users\NewDesktop_3_2010\Downloads\KATRINA - I STILL HAVE NOT RECEIVED THE REQUESTED FORM, HAVE NOT RECEIVED ANY RESPONSE IN THE MAIL....RE Katrina - I need a copy of the TENANT AUTO INFORMATION FORM SENT TO ME ASAP.zip
2015-05-16 14:05 - 2015-05-16 14:05 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\{ADE026BA-C1E9-460A-A563-849768108DA5}
2015-05-13 03:03 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:03 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 00:46 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 00:46 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 00:46 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 00:46 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 00:46 - 2015-04-10 12:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 00:46 - 2015-04-10 12:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 00:46 - 2015-04-10 12:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 00:46 - 2015-04-10 12:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 00:46 - 2015-04-10 12:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 00:46 - 2015-04-10 12:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 00:46 - 2015-04-10 12:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 00:46 - 2015-04-10 12:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 00:46 - 2015-04-10 12:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 00:46 - 2015-04-10 12:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 00:46 - 2015-04-10 12:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 00:46 - 2015-04-10 12:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 00:46 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 00:46 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 00:46 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 00:46 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 00:46 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 00:46 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 00:46 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 00:46 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 00:46 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 00:46 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 00:46 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 00:46 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 00:45 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 00:45 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 00:45 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 00:45 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 00:45 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 00:45 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 00:45 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 00:45 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 00:45 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 00:45 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 00:45 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 00:45 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 00:45 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 00:45 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 00:45 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 00:45 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 00:45 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 00:45 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 00:45 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 00:45 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 00:45 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 00:45 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 00:45 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 00:45 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 00:45 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 00:44 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 00:44 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 00:44 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 00:44 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 00:44 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 00:44 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 00:44 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 00:44 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 00:44 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 00:44 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 00:44 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 00:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 00:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 00:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 00:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 00:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 00:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 00:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 18:17 - 2015-05-12 18:17 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (16).exe
2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (15).exe
2015-05-12 18:13 - 2015-05-12 18:13 - 01513280 _____ (LogMeIn, Inc.) C:\Users\NewDesktop_3_2010\Downloads\Support-LogMeInRescue (14).exe
2015-05-12 12:52 - 2015-05-12 12:53 - 00003684 _____ C:\Users\NewDesktop_3_2010\Downloads\OPTIONSHOUSE_2015_TRANSACTIONS_AccountHistoryReport.csv
2015-05-12 12:28 - 2015-05-12 12:29 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\Garmin_Ltd._or_its_subsid
2015-05-12 12:26 - 2015-05-12 12:26 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-05-12 12:26 - 2015-05-12 12:26 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-05-12 12:26 - 2015-05-12 12:26 - 00000000 ____D C:\ProgramData\Garmin
2015-05-12 12:21 - 2015-05-12 12:22 - 41023360 _____ (Garmin Ltd or its subsidiaries) C:\Users\NewDesktop_3_2010\Downloads\GarminExpress.exe
2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport.csv
2015-05-12 09:57 - 2015-05-12 09:57 - 00005245 _____ C:\Users\NewDesktop_3_2010\Downloads\AccountHistoryReport (1).csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 13:27 - 2014-10-12 11:57 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job
2015-06-08 12:56 - 2014-02-19 11:46 - 00000000 ____D C:\FRST
2015-06-08 12:49 - 2013-05-02 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 12:48 - 2011-02-21 11:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 12:29 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 12:29 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 11:27 - 2014-10-12 11:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job
2015-06-08 10:45 - 2014-12-28 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 10:17 - 2015-01-25 18:38 - 00000312 _____ C:\Windows\Tasks\NUAutoUpdate.job
2015-06-08 10:17 - 2010-03-15 22:23 - 00000000 ____D C:\ProgramData\TEMP
2015-06-08 10:16 - 2013-10-28 09:48 - 00000095 _____ C:\Users\NewDesktop_3_2010\.accessibility.properties
2015-06-08 10:16 - 2011-02-21 11:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 10:16 - 2010-03-16 21:13 - 00000000 ____D C:\Users\NewDesktop_3_2010
2015-06-08 10:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 03:00 - 2015-02-10 12:23 - 00000354 _____ C:\Windows\Tasks\SpeedDiskSchedule.job
2015-06-07 22:11 - 2012-12-17 21:57 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EC003F4-3A64-4D9A-B092-891289AE3404}
2015-06-07 18:00 - 2012-11-07 15:21 - 00000490 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2015-06-07 10:41 - 2010-07-27 16:45 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\NPE
2015-06-07 09:27 - 2015-02-25 16:38 - 00000306 _____ C:\Windows\Tasks\NUSchedule.job
2015-06-07 09:27 - 2015-01-25 20:00 - 00074710 _____ C:\Windows\SysWOW64\AppLog.log
2015-06-07 09:27 - 2015-01-25 18:44 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Norton Utilities 16
2015-06-06 16:07 - 2012-02-09 18:00 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet
2015-06-05 11:42 - 2012-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Avanquest update
2015-06-05 11:42 - 2010-03-10 06:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-05 03:02 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-05 03:02 - 2014-04-24 12:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 12:35 - 2010-04-07 08:42 - 09903104 ____R C:\Users\Public\Documents\ESBK.mbb
2015-06-03 12:35 - 2010-04-07 08:42 - 04922368 ____R C:\Users\Public\Documents\ESBK.mb
2015-06-02 08:39 - 2013-02-02 13:02 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2015-06-02 08:39 - 2013-01-26 13:59 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2015-06-02 07:54 - 2013-01-26 13:41 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 14:57 - 2014-12-28 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-27 09:18 - 2014-05-31 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-27 08:49 - 2009-07-13 22:34 - 87031808 _____ C:\Windows\system32\config\software.rmbak
2015-05-27 08:49 - 2009-07-13 22:34 - 00532480 _____ C:\Windows\system32\config\default.rmbak
2015-05-27 08:35 - 2015-03-14 09:52 - 01093632 _____ C:\Users\Administrator\s-1-5-21-4200233565-3368421019-1326646657-500.rrr
2015-05-27 08:35 - 2014-01-22 17:11 - 00000000 ____D C:\Users\Administrator
2015-05-26 16:59 - 2013-05-03 11:55 - 00000000 ____D C:\Program Files\CCleaner
2015-05-25 17:16 - 2010-04-24 09:40 - 00000424 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-05-21 13:22 - 2010-03-15 22:09 - 00000000 ____D C:\ProgramData\Norton
2015-05-21 13:13 - 2012-02-11 19:10 - 00001309 _____ C:\Users\NewDesktop_3_2010\Desktop\Norton Installation Files.lnk
2015-05-21 13:13 - 2010-03-15 22:09 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-05-18 08:51 - 2013-05-14 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 14:08 - 2009-07-14 01:13 - 00862872 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-16 13:43 - 2011-02-21 11:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 13:43 - 2011-02-21 11:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 11:21 - 2014-10-12 11:57 - 00003950 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA
2015-05-15 11:21 - 2014-10-12 11:57 - 00003554 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core
2015-05-13 04:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 03:49 - 2013-04-04 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:49 - 2009-07-14 00:45 - 00340480 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:44 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 03:20 - 2013-08-08 12:56 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 03:08 - 2010-04-15 07:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:03 - 2013-04-04 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 12:28 - 2013-01-26 12:49 - 00000000 ____D C:\Program Files\DIFX
2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Users\NewDesktop_3_2010\AppData\Roaming\Garmin
2015-05-12 12:27 - 2013-01-26 12:45 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-05-12 12:26 - 2013-01-26 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-05-12 12:25 - 2012-11-20 23:32 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2010-03-17 18:43 - 2015-04-14 20:46 - 0001948 _____ () C:\Users\NewDesktop_3_2010\AppData\Roaming\wklnhst.dat
2014-05-25 01:04 - 2014-05-25 01:04 - 0893239 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\a.zip
2014-05-25 01:04 - 2014-05-25 01:04 - 2162416 _____ (Catalina Marketing Corp) C:\Users\NewDesktop_3_2010\AppData\Local\BcsKtYcHW.dll
2013-12-13 08:35 - 2013-12-13 08:36 - 0007605 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\Resmon.ResmonCfg
2011-10-16 14:03 - 2011-10-16 14:03 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{62C84699-B853-4384-BF6C-E456B46B3F4F}
2011-08-10 22:57 - 2011-08-10 22:57 - 0000000 _____ () C:\Users\NewDesktop_3_2010\AppData\Local\{FDF947EE-4675-4262-A24B-4D2DE1711DBD}
2012-04-11 18:44 - 2012-04-13 09:54 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-04 01:15
 
==================== End of log ============================
Link to post
Share on other sites

  • Root Admin

I will go ahead and take over this topic per request.

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
button_eos.gif

Please go here to run the online antivirus scannner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

Link to post
Share on other sites

Hello..I ran the JRT in step 4 above and it SAVED the jrt.txt file to my desktop and I saw that MANY files had been deleted - BUT THEN when I went in to download the Adwcleaner in step 5 - SOMEHOW the jrt ran AGAIN, and in the MIDST of it running I had a brown out electrical disruption to my home and my pc rebooted and when I went in to go to step 5 - I saw that the jrt.txt log WAS GONE from my desktop and when I went into the search box after going to the bottom left windows globe...it was not there either !  So I ran the jrt all OVER AGAIN, and I got back the CLEAN log which I show you here !!  Now I will go back and perform the OTHER STEPS you have outlined and will get back to you shortly.  thank you, and please let me know if having done STEP 4 the second time did not screw us up !!  Susan

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Home Premium x64
Ran by NewDesktop_3_2010 on Tue 06/09/2015 at 10:13:34.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\NewDesktop_3_2010\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/09/2015 at 10:23:25.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

I cannot run AdwCleaner...get when I try to run it and it says a problem caused it to shut down and Windows is working on a solution and will get back to me once a solution is found ?  I disbled my  Norton firewall and anti virus protection and get the SAME error pop up ?  what do I do next to get Step 5 to work or should I go on to step 6 ?  please advise.  thanks,  Susan

Link to post
Share on other sites

I skipped number 5 since I was having trouble with it, and here are the two text files for STEP 6:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 6/9/2015

Scan Time: 2:07:26 PM

Logfile: malwarebytes 6 9 2015 text file.txt

Administrator: Yes

Version: 2.01.6.1022

Malware Database: v2015.06.09.04

Rootkit Database: v2015.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: NewDesktop_3_2010

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 553350

Time Elapsed: 2 hr, 8 min, 15 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware

www.malwarebytes.org

Error, 6/9/2015 9:06:25 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13,

Protection, 6/9/2015 9:06:25 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping,

Protection, 6/9/2015 9:06:25 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped,

Error, 6/9/2015 10:48:46 AM, SYSTEM, NEWDESKTOP_3_10, Protection, IsLicensed, 13,

Protection, 6/9/2015 10:48:46 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopping,

Protection, 6/9/2015 10:48:46 AM, SYSTEM, NEWDESKTOP_3_10, Protection, Malware Protection, Stopped,

Update, 6/9/2015 2:05:00 PM, SYSTEM, NEWDESKTOP_3_10, Manual, Malware Database, 2015.6.8.3, 2015.6.9.4,

Scan, 6/9/2015 4:16:04 PM, SYSTEM, NEWDESKTOP_3_10, Manual, Start:6/9/2015 2:07:26 PM, Duration:2 hr 8 min 15 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

Link to post
Share on other sites

  • Root Admin

Well a power outage is not a good thing for any computer to reboot from. I had one actually just the other day and it ended up corrupting the controller front panel board and I had to replace it from Dell.

Please click on START and type in CMD.EXE and wait for it to show on your menu. When it does then using the mouse right click over it and choose "Run as administrator" then type the following exactly.
 

CHKDSK   C:   /R

Then it will tell you that it cannot lock the drive and ask if you want to run it after a restart. Press the Y key and the Enter key and then restart your computer to let it run.
 

C:\>chkdsk c: /R
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

 

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit

 

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

 

 

When the disk check is done then please copy the results from the Event Log here on your next reply. How to access it is in the link above.

 

Once that's done then you'll need to find your copy  of AdAware Cleaner and delete it. Then temporarily disable your antivirus and download a new copy of AdwCleaner and save it to your desktop and quit your Browser. Then find the downloaded file and right click over it and choose "Run as administrator" to run it. Once done with the "clean" it should restart the computer again. Make sure your antivirus is then re-enabled if it did not do so on its' own. So basically follow STEP 5 again after reboot and make sure antivirus is disabled.

 

Thanks

 

 

 

Link to post
Share on other sites

Here are STEP 7 results which identified 18 files. It took SEVERAL HOURS to run this ESET scan.

C:\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 225330.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 477364.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170@2015-03-31T19;37;06.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 80959.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 827091.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

Link to post
Share on other sites

here are the TWO logs for STEP 8 scans:

C:\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 225330.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2014-10-10_09-27-42\Memeo\2014-10-10_09-27-42\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 477364.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 424170@2015-03-31T19;37;06.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 80959.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

J:\NewDesktop_3_2010_Backup\2015-03-16_12-14-52\Memeo\2015-03-16_12-14-52\C_\Users\NewDesktop_3_2010\Downloads\Unconfirmed 827091.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015

Ran by NewDesktop_3_2010 at 2015-06-10 01:57:18

Running from C:\Users\NewDesktop_3_2010\Downloads

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4200233565-3368421019-1326646657-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-4200233565-3368421019-1326646657-501 - Limited - Disabled)

NewDesktop_3_2010 (S-1-5-21-4200233565-3368421019-1326646657-1002 - Administrator - Enabled) => C:\Users\NewDesktop_3_2010

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Amazon Cloud Player (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)

ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)

ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)

ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)

ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)

ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)

ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)

ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)

CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden

CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)

CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)

CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)

Dell Driver Download Manager (HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

Elevated Installer (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden

EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden

ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden

essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden

Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)

Graboid Video 3.58 (HKLM-x32\...\Graboid Video) (Version: 3.58 - Graboid Inc.)

Graboid Video 3.58 Setup (HKLM-x32\...\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}) (Version: 3.5.8 - FUSENET)

IBM ViaVoice Integration With 1-2-3 (HKLM-x32\...\IBM ViaVoice Integration With 123) (Version: - )

IBM ViaVoice Outloud Runtime - US English (HKLM-x32\...\VV_Outloud_En_US) (Version: - )

IBM ViaVoice Technology, Dictation Runtime 5.3 (HKLM-x32\...\DeleteProdRunDictate_US) (Version: - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )

ItsDeductible Express (HKLM-x32\...\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}) (Version: 1.00.0000 - Intuit)

Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)

Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)

Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.)

LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)

Lotus 1-2-3 (HKLM-x32\...\123Suite V99.0) (Version: - )

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)

Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)

Media Go Video Playback Engine 2.12.105.06300 (HKLM-x32\...\{14BF28ED-011F-64B1-F830-A5D351E6ACDB}) (Version: 2.12.105.06300 - Sony)

Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7494 - Memeo Inc.)

Meter Drivers for OneTouch® Software (x32 Version: 1.10.0.0 - LifeScan) Hidden

Meter Drivers for OneTouch® Software (x32 Version: 1.9.1.0 - LifeScan) Hidden

Meter Drivers for OneTouch® Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)

Norton Security (HKLM-x32\...\NS) (Version: 22.2.0.31 - Symantec Corporation)

Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)

novaPDF Professional Desktop 7.5 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: - Softland)

OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

OneSuite Phone version 1.0.8.21 (HKLM-x32\...\{247969F9-4B17-47DB-9CDA-457D28BFAD9F}_is1) (Version: 1.0.8.21 - OneSuite Corporation)

OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - )

oneworld Timetables (HKLM-x32\...\ONEWORLD) (Version: - )

P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)

ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)

PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.)

PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)

Power E*TRADE Pro (HKLM-x32\...\{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}) (Version: - )

PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)

Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)

Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Realtek High Definit