Computer is running very slow


I have a personal computer and it is running very slow and getting a repeated message: "computer memory is full and you must close programs or they will crash". I will only have a few tabs open and for some reason the Memory will be at 93%. This is a fairly new ASUS with 4 gigs of RAM. The computer is constantly moving at very slow speeds and this only recently started doing this. I'm running Windows 7. Please help me figure out if there is any MALWARE on my computer that is causing this slowness.

Thank you!


Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected, you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected, you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt", the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/30/2015

Scan Time: 4:16 PM

Logfile: 

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.09.30.07

Rootkit Database: v2015.09.22.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Sarah Care

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 373809

Time Elapsed: 21 min, 24 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015

Ran by Sarah Care (2015-09-30 17:07:57)

Running from C:\Users\Sarah Care\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2013-12-27 17:31:23)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2023128739-2569144306-2742317746-500 - Administrator - Disabled)

Guest (S-1-5-21-2023128739-2569144306-2742317746-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2023128739-2569144306-2742317746-1004 - Limited - Enabled)

Sarah Care (S-1-5-21-2023128739-2569144306-2742317746-1000 - Administrator - Enabled) => C:\Users\Sarah Care

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton 360 Premier (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton 360 Premier (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 2.2.6 - Hewlett-Packard) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DocuWare Desktop Apps Setup (HKLM-x32\...\{20BC019E-0B3D-44C4-8DF1-2B9F9E03F29E}) (Version: 6.7.3381.3381 - DocuWare)

DocuWare Desktop Framework (HKLM-x32\...\{7E9C4305-7D00-4917-8569-0C335198AB5D}) (Version: 6.7.3381.3381 - DocuWare)

DocuWare OCR Toolkit (HKLM-x32\...\{008FA86E-A785-4B9D-A7E2-34D482CA0972}) (Version: 6.7.3381.3381 - DocuWare)

DocuWare Smart Connect (HKLM-x32\...\{366E1F68-9A48-4872-8DAA-C37189D26B8C}) (Version: 6.7.3381.3381 - DocuWare)

DocuWare Update (HKLM-x32\...\{FA8DBBC8-6DF3-4651-B7D5-63477D3406DD}) (Version: 6.7.3381.3381 - DocuWare)

Dropbox (HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Apps Migration For Microsoft Outlook® 3.4.27.52 (HKLM-x32\...\{65960C6E-BFA2-4FE7-A1BC-8028F3072566}) (Version: 3.4.27.52 - Google, Inc.)

Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM-x32\...\{799A7E2B-388F-4BDE-B55B-47AF42C6440A}) (Version: 3.7.410.1100 - Google, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)

join.me (HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\...\JoinMe) (Version: 2.4.1.1133 - LogMeIn, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)

Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)

Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)

OOBERegBackup (HKLM-x32\...\OOBERegBackup_is1) (Version:  - ASUSTeK Computer Inc.)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)

Soneto-SarahCare (HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\...\4f8f1da1743c3cfe) (Version: 1.35.202.0 - Stratis Business Systems)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sarah Care\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2023128739-2569144306-2742317746-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

 

==================== Restore Points =========================

 

03-09-2015 15:06:01 Windows Update

09-09-2015 03:01:11 Windows Update

16-09-2015 19:13:11 Scheduled Checkpoint

24-09-2015 10:34:44 Scheduled Checkpoint

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0395392E-1CF4-48A1-98CB-EAF76B78938E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {17212649-084C-42B7-A176-FDEE787CD2DF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

Task: {35A572D7-05B6-4DD5-AFA4-AC1077E0F69C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2023128739-2569144306-2742317746-1000Core => C:\Users\Sarah Care\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)

Task: {5C1F3DFC-6771-4DD5-9012-EBB2FCB0BA21} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2023128739-2569144306-2742317746-1000UA => C:\Users\Sarah Care\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)

Task: {73D19C39-AFFD-4611-B2C4-71947289A22A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)

Task: {765B12D3-3E2C-403E-BD94-98578615502F} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

Task: {7BB89A85-0DB5-48A4-93AB-1B8B3533083B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {7F2C15EC-5307-447C-A05B-9BF677D7AD93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {83952981-9681-4138-87F4-212907A724CA} - System32\Tasks\G2MUpdateTask-S-1-5-21-2023128739-2569144306-2742317746-1000 => C:\Users\Sarah Care\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {8F9B382A-50F5-410C-B020-2A4B192C616F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {A68FF331-C3F4-4894-8010-97975D1D9DBF} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

Task: {B9B3F55D-5B2F-4A9F-9FA7-2AA0E186B1B5} - System32\Tasks\G2MUploadTask-S-1-5-21-2023128739-2569144306-2742317746-1000 => C:\Users\Sarah Care\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {F76AB8E6-1441-41F3-959D-FCB2ABE61F69} - System32\Tasks\DocuWare Update => C:\Program Files (x86)\DocuWare\Update\DocuWare.Update.exe [2015-02-12] (DocuWare GmbH)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2023128739-2569144306-2742317746-1000Core.job => C:\Users\Sarah Care\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2023128739-2569144306-2742317746-1000UA.job => C:\Users\Sarah Care\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2023128739-2569144306-2742317746-1000.job => C:\Users\Sarah Care\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2023128739-2569144306-2742317746-1000.job => C:\Users\Sarah Care\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-05-11 03:38 - 2011-05-11 07:38 - 00034304 _____ () C:\Windows\System32\ssa3mlm.dll

2011-06-21 16:21 - 2010-10-21 13:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

2011-06-21 15:48 - 2011-04-15 06:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-09-30 16:46 - 2015-09-30 16:46 - 18801736 _____ () C:\Users\Sarah Care\Downloads\RogueKiller.exe

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-09-30 13:33 - 2015-09-30 13:33 - 00071168 _____ () c:\Users\Sarah Care\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgax7w.dll

2015-03-04 17:45 - 2015-08-05 01:26 - 00012800 _____ () C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-04 17:45 - 2015-08-05 01:26 - 00779776 _____ () C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-07-30 15:56 - 2015-08-05 01:26 - 00056320 _____ () C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-03-04 17:45 - 2015-08-05 01:26 - 00012288 _____ () C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2015-09-25 15:32 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll

2015-09-25 15:32 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll

2014-10-17 03:33 - 2014-10-17 03:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\17c296575fad30d021e6370dc70cf800\IsdiInterop.ni.dll

2011-06-21 16:14 - 2011-02-18 12:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Sarah Care\Desktop\HCSIS.lnk:com.dropbox.attributes

AlternateDataStreams: C:\Users\Sarah Care\Desktop\PaymentsBilling Reports.lnk:com.dropbox.attributes

AlternateDataStreams: C:\Users\Sarah Care\Desktop\PCA.lnk:com.dropbox.attributes

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sarah Care\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{99590D0F-23D2-47BA-A072-EFED17F2EC6B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{B36245FA-69F7-4618-BE34-EC4524ECF59D}] => (Allow) LPort=2869

FirewallRules: [{5B49237A-ECD9-494D-AB32-70E3905F7B42}] => (Allow) LPort=1900

FirewallRules: [{95E5E980-8832-4814-BC47-15CD47CA38AD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{35EF1136-E29D-46D5-AA59-93777FED71B2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [TCP Query User{EDAEC1FA-2E04-44A8-8FA5-F5E074BFAB6D}C:\users\sarah care\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sarah care\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{2DDAA2EE-4646-40AC-AF39-5BE5F6CBE192}C:\users\sarah care\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sarah care\appdata\roaming\spotify\spotify.exe

FirewallRules: [{41F748FF-A2C5-4227-A6B6-E961FB51CFF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{6FD34D1E-F4C8-453D-BEBC-74DFC93254D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7C7706FD-9D04-4D31-BC4A-C4C41F8F1ABE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B1CE2BB7-5595-465C-875B-2C193DC7C07E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{80B0ABB8-BE16-45A2-B7F7-B354C3CC8CE6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{7129D5F1-8AFB-45C4-9E00-9A6B1AA46332}] => (Allow) C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{2219D4A0-EC5E-4110-B8E2-6C02D19DCA77}] => (Allow) C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{0512054C-5C31-468E-8F10-1E8FDE2A89B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{65A42BC2-C7DF-4988-BA9C-1326F62B10AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{73705867-71E4-4C1F-BA04-4277AC698EE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Touchscreen

Description: Touchscreen

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/30/2015 04:55:01 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program N360.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1020

 

Start Time: 01d0fba6387b552e

 

Termination Time: 2588

 

Application Path: C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe

 

Report Id: 1f78dd6f-67b5-11e5-bbcc-1c75086ca20d

 

Error: (09/30/2015 01:34:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/30/2015 01:28:07 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

 

Error: (09/30/2015 01:02:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 68640

 

Error: (09/30/2015 01:02:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 68640

 

Error: (09/30/2015 01:02:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/30/2015 01:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 67642

 

Error: (09/30/2015 01:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 67642

 

Error: (09/30/2015 01:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/30/2015 01:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 66628

System errors:

=============

Error: (09/30/2015 04:47:07 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (09/30/2015 01:34:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (09/30/2015 03:34:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

 

Error: (09/29/2015 06:44:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

 

Error: (09/29/2015 08:27:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

 

Error: (09/29/2015 07:31:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (09/28/2015 08:53:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

 

Error: (09/26/2015 04:10:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

 

Error: (09/25/2015 01:08:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

 

Error: (09/25/2015 01:05:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

CodeIntegrity:

===================================

  Date: 2015-09-30 17:04:38.810

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 16:48:29.463

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 16:22:50.769

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 16:11:09.049

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 15:50:43.746

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 15:25:53.371

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 15:18:57.179

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 14:18:04.111

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 13:32:54.616

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-09-30 13:31:05.638

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

 

Processor: Intel® Core i3-2100 CPU @ 3.10GHz

Percentage of memory in use: 92%

Total physical RAM: 4007.34 MB

Available physical RAM: 303.11 MB

Total Virtual: 8012.88 MB

Available Virtual: 3189.2 MB

 

==================== Drives ================================

 

Drive c: (WIN7) (Fixed) (Total:911.71 GB) (Free:835.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 117BD168)

Partition 1: (Not Active) - (Size=19.8 GB) - (Type=1B)

Partition 2: (Active) - (Size=911.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=39 MB) - (Type=EF)

 

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015

Ran by Sarah Care (administrator) on CHRISTIAN-PC (30-09-2015 17:02:39)

Running from C:\Users\Sarah Care\Downloads

Loaded Profiles: Sarah Care (Available Profiles: Sarah Care)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

(DocuWare GmbH) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(DocuWare GmbH) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe

(Dropbox, Inc.) C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\conathst.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\nacl64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\calc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

(Stratis Business Systems Inc.) C:\Users\Sarah Care\AppData\Local\Apps\2.0\3L8CAG1Z.OGA\V0L9109A.1BO\soneto_abeaa1ed292fc1a4_0001.0023_none_e95cc01db6be4ce8\Soneto.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Users\Sarah Care\Downloads\RogueKiller.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)

HKLM-x32\...\Run: [OOBESetup] => C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe [334848 2009-11-12] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\...\Run: [Dropbox Update] => C:\Users\Sarah Care\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)

HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare Desktop Apps.lnk [2015-06-23]

ShortcutTarget: DocuWare Desktop Apps.lnk -> C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe (DocuWare GmbH)

Startup: C:\Users\Sarah Care\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-11]

ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah Care\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F6EC3995-BE28-433C-B152-E1E1FCB2941E}: [DhcpNameServer] 8.8.8.8 8.8.4.4

 

Internet Explorer:

==================

HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/

HKU\S-1-5-21-2023128739-2569144306-2742317746-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP09&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP09&src=IE-SearchBox

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Sarah Care\AppData\Roaming\Mozilla\Firefox\Profiles\ppjimwnx.default

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2023128739-2569144306-2742317746-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Sarah Care\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-23] (Citrix Online)

FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-09-30]

 

Chrome: 

=======

CHR Profile: C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]

CHR Extension: (Google Docs) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]

CHR Extension: (Google Drive) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]

CHR Extension: (Language Immersion for Chrome) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2015-09-15]

CHR Extension: (YouTube) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]

CHR Extension: (Norton Security Toolbar) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-15]

CHR Extension: (Google Search) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]

CHR Extension: (Google Docs Offline) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]

CHR Extension: (Norton Identity Safe) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-13]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]

CHR Extension: (Gmail) - C:\Users\Sarah Care\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-30]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-30]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)

R2 DWDesktopService; C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe [31744 2015-02-12] (DocuWare GmbH) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [3337728 2015-07-10] (Microsoft Corporation) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150929.001\IDSvia64.sys [767216 2015-09-22] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-30] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150929.025\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150929.025\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)

S3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-03-08] ()

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)

R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-21] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-30] ()

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-09-30 17:02 - 2015-09-30 17:06 - 00019227 _____ C:\Users\Sarah Care\Downloads\FRST.txt

2015-09-30 16:59 - 2015-09-30 17:03 - 00000000 ____D C:\FRST

2015-09-30 16:58 - 2015-09-30 16:59 - 02192384 _____ (Farbar) C:\Users\Sarah Care\Downloads\FRST64.exe

2015-09-30 16:48 - 2015-09-30 16:48 - 18801736 _____ C:\Users\Sarah Care\Downloads\RogueKiller (1).exe

2015-09-30 16:47 - 2015-09-30 16:47 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys

2015-09-30 16:46 - 2015-09-30 16:46 - 18801736 _____ C:\Users\Sarah Care\Downloads\RogueKiller.exe

2015-09-30 16:46 - 2015-09-30 16:46 - 00000000 ____D C:\ProgramData\RogueKiller

2015-09-30 16:11 - 2015-09-30 16:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-30 16:11 - 2015-09-30 16:11 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-30 16:11 - 2015-09-30 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-30 16:11 - 2015-09-30 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-09-30 16:11 - 2015-09-30 16:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-09-30 16:11 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-09-30 16:11 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-30 16:11 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-09-30 16:10 - 2015-09-30 16:10 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sarah Care\Downloads\mbam-setup-2.1.8.1057.exe

2015-09-30 13:39 - 2015-09-30 13:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360

2015-09-28 16:51 - 2015-09-30 13:28 - 00008140 _____ C:\Users\Sarah Care\Desktop\dengi.xlsx

2015-09-28 09:19 - 2015-09-28 09:19 - 00018740 _____ C:\Users\Sarah Care\Downloads\Book1 (3).xlsx

2015-09-24 14:11 - 2015-09-24 14:11 - 00018740 _____ C:\Users\Sarah Care\Downloads\Book1 (2).xlsx

2015-09-24 14:02 - 2015-09-24 14:02 - 00018740 _____ C:\Users\Sarah Care\Downloads\Book1 (1).xlsx

2015-09-22 10:27 - 2015-09-22 10:27 - 00150853 _____ C:\Users\Sarah Care\Downloads\896 (1).csv

2015-09-22 10:26 - 2015-09-22 10:26 - 00150853 _____ C:\Users\Sarah Care\Downloads\896.csv

2015-09-22 10:24 - 2015-09-22 10:24 - 00489292 _____ C:\Users\Sarah Care\Downloads\0922201555296958_SKPA0.era.txt

2015-09-22 10:03 - 2015-09-22 10:03 - 00059860 _____ C:\Users\Sarah Care\Downloads\353.csv

2015-09-22 10:01 - 2015-09-22 10:01 - 00314772 _____ C:\Users\Sarah Care\Downloads\0922201555296500_SKPA0.era.txt

2015-09-22 09:59 - 2015-09-22 09:59 - 00002163 _____ C:\Users\Sarah Care\Downloads\0922201555296496_SKPA0.era.txt

2015-09-22 09:46 - 2015-09-22 09:46 - 00026085 _____ C:\Users\Sarah Care\Downloads\153.csv

2015-09-22 09:44 - 2015-09-22 09:44 - 00130197 _____ C:\Users\Sarah Care\Downloads\0922201555295701_SKPA0.era.txt

2015-09-22 09:18 - 2015-09-22 09:18 - 00050115 _____ C:\Users\Sarah Care\Downloads\0922201555295143_SKPA0.era.txt

2015-09-21 14:24 - 2015-09-23 10:42 - 00013281 _____ C:\Users\Sarah Care\Desktop\cedar woods.xlsx

2015-09-17 09:55 - 2015-09-17 09:55 - 00013780 _____ C:\Users\Sarah Care\Downloads\0917201555122841_SKPA0.era.txt

2015-09-17 09:41 - 2015-09-17 09:41 - 00086030 _____ C:\Users\Sarah Care\Downloads\510.csv

2015-09-17 09:40 - 2015-09-17 09:40 - 00454069 _____ C:\Users\Sarah Care\Downloads\0917201555121576_SKPA0.era.txt

2015-09-17 09:21 - 2015-09-17 09:21 - 00061175 _____ C:\Users\Sarah Care\Downloads\361.csv

2015-09-17 09:20 - 2015-09-17 09:20 - 00316396 _____ C:\Users\Sarah Care\Downloads\0917201555119684_SKPA0.era.txt

2015-09-17 09:13 - 2015-09-17 09:13 - 00023737 _____ C:\Users\Sarah Care\Downloads\139.csv

2015-09-17 09:11 - 2015-09-17 09:11 - 00128206 _____ C:\Users\Sarah Care\Downloads\0917201555119620_SKPA0.era.txt

2015-09-17 09:06 - 2015-09-17 09:06 - 00048079 _____ C:\Users\Sarah Care\Downloads\0917201555119600_SKPA0.era.txt

2015-09-11 14:25 - 2015-09-24 15:17 - 00436224 ___SH C:\Users\Sarah Care\Desktop\Thumbs.db

2015-09-11 09:16 - 2015-09-29 16:19 - 00000000 ____D C:\Users\Sarah Care\Desktop\SCANS

2015-09-10 14:52 - 2015-09-16 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-09-10 09:42 - 2015-09-10 09:42 - 00333533 _____ C:\Users\Sarah Care\Desktop\aides.xlsx

2015-09-08 22:30 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-08 22:30 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-08 22:30 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-08 22:30 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-09-08 22:30 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-08 22:30 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-09-08 22:30 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-08 22:30 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-08 22:30 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-09-08 22:30 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-09-08 22:30 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-09-08 22:30 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-09-08 22:30 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-09-08 22:30 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-09-08 22:30 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-09-08 22:30 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-09-08 22:30 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-09-08 22:30 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-09-08 22:30 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-09-08 22:30 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-09-08 22:30 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-09-08 22:30 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-09-08 22:30 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-09-08 22:30 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-09-08 22:30 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-09-08 22:30 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-09-08 22:30 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-09-08 22:30 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-09-08 22:30 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-09-08 22:30 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-09-08 22:30 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-09-08 22:30 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-09-08 22:30 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-09-08 22:30 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-08 22:30 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-08 22:30 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-08 22:30 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-09-08 22:30 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-09-08 22:30 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-09-08 22:30 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-09-08 22:30 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-08 22:30 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-09-08 22:30 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-09-08 22:30 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-09-08 22:30 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-09-08 22:30 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2015-09-08 22:30 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-09-08 22:30 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-09-08 22:30 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-09-08 22:30 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-09-08 22:29 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-08 22:29 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-08 22:29 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-08 22:29 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-08 22:29 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-09-08 22:29 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-09-08 22:29 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-09-08 22:29 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-09-08 22:29 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-08 22:29 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-08 22:29 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-08 22:29 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-08 22:29 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-08 22:29 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-08 22:29 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-08 22:29 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-08 22:29 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-09-08 22:29 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-09-08 22:29 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-09-08 22:29 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-09-08 22:29 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-09-08 22:29 - 2015-08-22 10:40 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-09-08 22:29 - 2015-08-22 10:40 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-09-08 22:29 - 2015-08-22 10:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-09-08 22:29 - 2015-08-22 09:51 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-08 22:29 - 2015-08-22 09:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-08 22:29 - 2015-08-22 09:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-08 22:29 - 2015-08-22 09:51 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-08 22:29 - 2015-08-22 09:50 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-08 22:29 - 2015-08-22 09:50 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-08 22:29 - 2015-08-22 09:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-08 22:29 - 2015-08-20 14:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-09-08 22:29 - 2015-08-20 14:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-08 22:29 - 2015-08-20 14:21 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-09-08 22:29 - 2015-08-20 14:19 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-08 22:29 - 2015-08-20 13:56 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2015-09-08 22:29 - 2015-08-20 13:55 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-09-08 22:29 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-09-08 22:29 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-09-08 22:29 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-08 22:29 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-08 22:29 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-08 22:29 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-08 22:29 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-08 22:29 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-09-08 22:29 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-08 14:40 - 2015-09-08 14:40 - 00003474 _____ C:\Users\Sarah Care\Downloads\0908201554733942_SKPA0.era.txt

2015-09-08 13:36 - 2015-09-08 13:36 - 00087501 _____ C:\Users\Sarah Care\Downloads\519.csv

2015-09-08 13:34 - 2015-09-08 13:34 - 00454650 _____ C:\Users\Sarah Care\Downloads\0908201554732140_SKPA0.era.txt

2015-09-08 13:21 - 2015-09-08 13:25 - 00011415 _____ C:\Users\Sarah Care\Downloads\351.csv

2015-09-08 09:48 - 2015-09-08 09:48 - 00294029 _____ C:\Users\Sarah Care\Downloads\0908201554724917_SKPA0.era.txt

2015-09-08 09:35 - 2015-09-08 09:35 - 00002611 _____ C:\Users\Sarah Care\Downloads\0908201554724750_SKPA0.era.txt

2015-09-08 09:23 - 2015-09-08 09:23 - 00026714 _____ C:\Users\Sarah Care\Downloads\157.csv

2015-09-08 09:22 - 2015-09-08 09:22 - 00122208 _____ C:\Users\Sarah Care\Downloads\0908201554723305_SKPA0.era.txt

2015-09-08 09:03 - 2015-09-08 09:03 - 00041033 _____ C:\Users\Sarah Care\Downloads\0908201554721995_SKPA0.era.txt

2015-09-04 08:35 - 2015-09-04 08:35 - 00000000 ____D C:\Users\Sarah Care\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stratis Business Systems

2015-09-04 04:48 - 2015-09-04 04:48 - 00000000 ____D C:\Users\Sarah Care\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-09-03 15:05 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-03 15:05 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-03 15:05 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-09-03 15:05 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-09-03 15:05 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2015-09-03 15:05 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-09-03 15:05 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2015-09-03 15:05 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-09-02 10:16 - 2015-09-02 10:16 - 00040682 _____ C:\Users\Sarah Care\Downloads\0902201554518740_SKPA0.era.txt

2015-09-02 10:11 - 2015-09-02 10:11 - 00124654 _____ C:\Users\Sarah Care\Downloads\0902201554518161_SKPA0.era.txt

2015-09-02 10:09 - 2015-09-02 10:09 - 00018769 _____ C:\Users\Sarah Care\Downloads\0902201554517913_SKPA0.era.txt

2015-09-01 15:26 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2015-09-01 13:06 - 2015-09-01 13:06 - 00005440 _____ C:\Users\Sarah Care\Downloads\0901201554459286_SKPA0.era.txt

2015-09-01 10:55 - 2015-09-01 10:55 - 00426954 _____ C:\Users\Sarah Care\Downloads\0901201554454222_SKPA0.era.txt

2015-09-01 10:49 - 2015-09-01 10:49 - 00286827 _____ C:\Users\Sarah Care\Downloads\0901201554453817_SKPA0.era.txt

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-09-30 17:05 - 2015-06-23 11:16 - 00000592 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2023128739-2569144306-2742317746-1000.job

2015-09-30 16:47 - 2015-06-15 21:30 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2023128739-2569144306-2742317746-1000UA.job

2015-09-30 16:30 - 2013-12-27 18:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-09-30 16:28 - 2014-06-13 08:59 - 00000000 ____D C:\Users\Sarah Care\Desktop\Billing Extracts

2015-09-30 16:10 - 2015-06-23 11:16 - 00000688 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2023128739-2569144306-2742317746-1000.job

2015-09-30 16:08 - 2013-12-27 18:58 - 00000000 ____D C:\Users\Sarah Care\AppData\Local\Deployment

2015-09-30 13:41 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-09-30 13:41 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-30 13:38 - 2013-12-27 13:30 - 01358817 _____ C:\Windows\WindowsUpdate.log

2015-09-30 13:34 - 2014-11-18 15:18 - 00000000 ___RD C:\Users\Sarah Care\Dropbox

2015-09-30 13:34 - 2014-11-18 15:17 - 00000000 ____D C:\Users\Sarah Care\AppData\Roaming\Dropbox

2015-09-30 13:33 - 2015-07-15 03:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

2015-09-30 13:33 - 2014-02-21 15:41 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration

2015-09-30 13:33 - 2014-02-21 15:41 - 00000000 ____D C:\Windows\system32\Drivers\N360x64

2015-09-30 13:33 - 2013-12-27 18:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-09-30 13:32 - 2010-11-20 23:47 - 02304136 _____ C:\Windows\PFRO.log

2015-09-30 13:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-30 13:32 - 2009-07-14 00:51 - 00062781 _____ C:\Windows\setupact.log

2015-09-30 09:46 - 2015-06-15 21:30 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2023128739-2569144306-2742317746-1000Core.job

2015-09-29 10:11 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-09-25 15:32 - 2013-12-27 18:59 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-24 15:18 - 2015-06-05 10:31 - 00000000 ____D C:\Users\Sarah Care\Desktop\new id sheet

2015-09-19 22:57 - 2015-06-23 11:16 - 00003732 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2023128739-2569144306-2742317746-1000

2015-09-19 22:57 - 2015-06-23 11:16 - 00003636 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2023128739-2569144306-2742317746-1000

2015-09-16 16:58 - 2015-01-19 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-09-14 23:25 - 2013-12-27 18:58 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-14 23:25 - 2013-12-27 18:58 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-11 08:39 - 2013-12-27 18:58 - 00000000 ____D C:\Users\Sarah Care\AppData\Local\Google

2015-09-10 14:12 - 2014-11-17 11:03 - 00000000 ____D C:\Users\Sarah Care\AppData\Local\join.me

2015-09-09 08:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2015-09-09 03:45 - 2009-07-14 01:13 - 00797170 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-09 03:40 - 2009-07-14 00:45 - 00410928 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 03:38 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 03:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-09-09 03:19 - 2015-04-16 10:31 - 00000000 ____D C:\Windows\system32\MRT

2015-09-09 03:19 - 2014-01-22 15:01 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-08 09:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool

2015-09-04 08:35 - 2014-03-26 11:52 - 00000318 _____ C:\Users\Sarah Care\Desktop\Soneto-SarahCare.appref-ms

2015-09-01 09:25 - 2014-12-26 16:22 - 00000000 ____D C:\Users\Sarah Care\AppData\Local\CrashDumps

 

==================== Files in the root of some directories =======

 

2011-06-21 16:28 - 2010-03-02 19:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

2015-06-23 11:26 - 2015-06-23 11:26 - 0000110 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2013-12-27 16:04 - 2013-12-27 16:04 - 0000032 _____ () C:\ProgramData\PS.log

2013-12-27 13:34 - 2013-12-27 13:35 - 0000108 _____ () C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log

2013-12-27 13:35 - 2013-12-27 13:35 - 0000114 _____ () C:\ProgramData\{70CC0095-AA68-45BE-AE98-D8170182E9EB}.log

 

Some files in TEMP:

====================

C:\Users\Sarah Care\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Sarah Care\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgax7w.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-09-21 04:35

 

==================== End of FRST.txt ============================


RogueKiller V10.10.7.0 [sep 28 2015] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sarah Care [Administrator]

Started from : C:\Users\Sarah Care\Downloads\RogueKiller.exe

Mode : Scan -- Date : 10/01/2015 08:53:26

 

¤¤¤ Processes : 1 ¤¤¤

[suspicious.Path|VT.Unknown] Soneto.exe(3400) -- C:\Users\Sarah Care\AppData\Local\Apps\2.0\3L8CAG1Z.OGA\V0L9109A.1BO\sone..care_8772b53aa08aedbd_0001.0023_9b6abe8e82432c54\Soneto.exe[-] -> Killed [TermProc]

 

¤¤¤ Registry : 4 ¤¤¤

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2023128739-2569144306-2742317746-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2023128739-2569144306-2742317746-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2023128739-2569144306-2742317746-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com/ -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2023128739-2569144306-2742317746-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com/ -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST31000524AS +++++

--- User ---

[MBR] bf5a0b1fec83e01452432cd72ab7937a

[bSP] fa23c310300d13a9444deb5b88d386f3 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 20240 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 41453568 | Size: 933588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 1953441792 | Size: 39 MB

User = LL1 ... OK

User = LL2 ... OK

Do not see any obvious malware or infection in your logs, continue please:

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe, which you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable security software!

Post those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin.
 


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
