Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Ruth (administrator) on RUTH-PC (10-01-2016 00:18:27)
Running from C:\Users\Ruth\Desktop
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\NAV.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\NAV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => c:\program files (x86)\epson software\event manager\eeventmanager.exe [1065024 2015-10-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48616 2015-07-21] (CenturyLink Inc)
HKU\S-1-5-21-3438633565-1124592229-3206170717-1001\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3438633565-1124592229-3206170717-1001\...\MountPoints2: {6a46b436-67ed-11e5-8c39-0013779d2629} - F:\setup.exe -a
HKU\S-1-5-21-3438633565-1124592229-3206170717-1001\...\MountPoints2: {ae948ad3-5ce6-11e5-8103-806e6f6e6963} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3438633565-1124592229-3206170717-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{247F3CC2-2473-4E29-9ABF-8EBBAA152E7F}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{247F3CC2-2473-4E29-9ABF-8EBBAA152E7F}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{5F6EE01C-ACCB-4B81-8A08-FCA76655A84E}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{5F6EE01C-ACCB-4B81-8A08-FCA76655A84E}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-3438633565-1124592229-3206170717-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_01_ssg01&param1=1&param2=f%3d1%26b%3die%26cc%3dus%26pa%3dwincy%26cd%3d2xzuyetn2y1l1qzutbtbtbtcyctatbycta0e0a0f0eyd0dtbtn0d0tzu0stcyeyczytn1l2xzutatftctbtfybtftdtn1l1czu1btbtn1l1g1b1v1n2y1l1qzu2sybyc0a0dtayetbyctgyd0b0bzztgyd0c0b0etgye0dyeydtgtczytczyyetdtc0ftbybzzye2qtn1m1f1b2z1v1n2y1l1qzu2stayd0f0b0f0e0ftbtgta0b0btdtgyetb0b0dtg0a0d0b0btgybzy0dtd0btczz0bzyyd0e0f2qtn0a0lzuyetn1b2z1v1t1s1nzutctbzyyc%26cr%3d2095267537%26a%3dwbf_dwndlm_16_01_ssg01%26os%3dwindows%2b7%2bultimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_01_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtBtBtCyCtAtByCtA0E0A0F0EyD0DtBtN0D0Tzu0StCyEyCzytN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByC0A0DtAyEtByCtGyD0B0BzztGyD0C0B0EtGyE0DyEyDtGtCzytCzyyEtDtC0FtByBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyD0F0B0F0E0FtBtGtA0B0BtDtGyEtB0B0DtG0A0D0B0BtGyBzy0DtD0BtCzz0BzyyD0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D2095267537%26a%3Dwbf_dwndlm_16_01_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_01_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtBtBtCyCtAtByCtA0E0A0F0EyD0DtBtN0D0Tzu0StCyEyCzytN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByC0A0DtAyEtByCtGyD0B0BzztGyD0C0B0EtGyE0DyEyDtGtCzytCzyyEtDtC0FtByBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyD0F0B0F0E0FtBtGtA0B0BtDtGyEtB0B0DtG0A0D0B0BtGyBzy0DtD0BtCzz0BzyyD0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D2095267537%26a%3Dwbf_dwndlm_16_01_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438633565-1124592229-3206170717-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_01_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtBtBtCyCtAtByCtA0E0A0F0EyD0DtBtN0D0Tzu0StCyEyCzytN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByC0A0DtAyEtByCtGyD0B0BzztGyD0C0B0EtGyE0DyEyDtGtCzytCzyyEtDtC0FtByBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyD0F0B0F0E0FtBtGtA0B0BtDtGyEtB0B0DtG0A0D0B0BtGyBzy0DtD0BtCzz0BzyyD0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D2095267537%26a%3Dwbf_dwndlm_16_01_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438633565-1124592229-3206170717-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_01_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtBtBtCyCtAtByCtA0E0A0F0EyD0DtBtN0D0Tzu0StCyEyCzytN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByC0A0DtAyEtByCtGyD0B0BzztGyD0C0B0EtGyE0DyEyDtGtCzytCzyyEtDtC0FtByBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyD0F0B0F0E0FtBtGtA0B0BtDtGyEtB0B0DtG0A0D0B0BtGyBzy0DtD0BtCzz0BzyyD0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D2095267537%26a%3Dwbf_dwndlm_16_01_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3438633565-1124592229-3206170717-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default
FF NewTab: about:newtab
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_01_ssg01&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtBtBtCyCtAtByCtA0E0A0F0EyD0DtBtN0D0Tzu0StCyEyCzytN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByC0A0DtAyEtByCtGyD0B0BzztGyD0C0B0EtGyE0DyEyDtGtCzytCzyyEtDtC0FtByBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyD0F0B0F0E0FtBtGtA0B0BtDtGyEtB0B0DtG0A0D0B0BtGyBzy0DtD0BtCzz0BzyyD0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D2095267537%26a%3Dwbf_dwndlm_16_01_ssg01%26os%3DWindows%2B7%2BUltimate
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-10-30] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-10-30] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-10-30] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-10-30] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\searchplugins\polycola-search.xml [2016-01-07]
FF Extension: Speed Dial - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-01-06]
FF Extension: Easy Search - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\extensions\easysearch@itechjobs.in.xpi [2016-01-07]
FF Extension: YesScript - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\extensions\yesscript@userstyles.org.xpi [2016-01-08]
FF Extension: All search engines on your tab - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\Extensions\brais33@gmail.com [2016-01-07]
FF Extension: Yandex Search - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\Extensions\quicksearch@yandex.ru.xpi [2016-01-07]
FF Extension: Qwant - Websearch Evolved - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\gwyc7crn.default\Extensions\qwantcomforfirefox@jetpack.xpi [2016-01-07]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-11-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFPlgn [2016-01-09] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-10]
CHR Extension: (Google Docs) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-12]
CHR Extension: (YouTube) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-12]
CHR Extension: (Google Search) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-12]
CHR Extension: (Google Sheets) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR Extension: (Gmail) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\Exts\Chrome.crx [2016-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\Exts\Chrome.crx [2016-01-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (History Disabler) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\bkgimjheklbpeleldfdinehgnpilgjpm [2015-11-10]
OPR Extension: (Search Roulette) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\cennagnkobiopdhlophkkiobhopmijkh [2015-11-10]
OPR Extension: (All in one web searcher) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\djgcjceckcmegimfjjaobgghbdnibndh [2015-11-10]
OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2015-11-10]
OPR Extension: (rentamob) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenddkdfifnnmgbohackpefaggccbcgp [2015-11-10]
OPR Extension: (WOT) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-11-10]
OPR Extension: (InSite Search) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibecflcgbbicgocembmkbgmgbmkmcanl [2015-11-10]
OPR Extension: (rentamob) - C:\Users\Ruth\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcdbekffgfnmjeacgnmdbekgjffgfckb [2015-11-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2015-10-30] (Seiko Epson Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\22.5.2.15\NAV.exe [282016 2015-07-16] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\22.5.2.15\Definitions\BASHDefs\20160104.001\BHDrvx64.sys [1665608 2016-01-04] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-01-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-01-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\22.5.2.15\Definitions\IPSDefs\20160108.001\IDSvia64.sys [767224 2016-01-08] (Symantec Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\22.5.2.15\Definitions\VirusDefs\20160109.038\ENG64.SYS [138488 2016-01-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\22.5.2.15\Definitions\VirusDefs\20160109.038\EX64.SYS [2148080 2016-01-08] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NAVx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NAVx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-10-07] (The OpenVPN Project)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 00:10 - 2016-01-10 00:16 - 00027930 _____ C:\Users\Ruth\Desktop\Addition.txt
2016-01-10 00:01 - 2016-01-10 00:24 - 00023435 _____ C:\Users\Ruth\Desktop\FRST.txt
2016-01-09 23:59 - 2016-01-10 00:18 - 00000000 ___DC C:\FRST
2016-01-09 23:56 - 2016-01-09 23:58 - 02370560 _____ (Farbar) C:\Users\Ruth\Desktop\FRST64.exe
2016-01-09 21:54 - 2016-01-09 21:54 - 00000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2016-01-09 21:11 - 2016-01-09 21:11 - 00000066 _____ C:\Windows\ntbtlog.txt
2016-01-09 20:38 - 2016-01-09 20:38 - 00000000 ___DC C:\NPE
2016-01-09 19:56 - 2016-01-09 21:00 - 00000000 ____D C:\Users\Ruth\AppData\Local\NPE
2016-01-09 19:54 - 2016-01-09 19:56 - 03088296 _____ (Symantec Corporation) C:\Users\Ruth\Downloads\NPE.exe
2016-01-09 10:08 - 2016-01-09 10:08 - 00000000 ____D C:\ProgramData\ByteFence
2016-01-09 10:05 - 2016-01-09 13:34 - 00000000 ____D C:\Users\Ruth\AppData\Local\{BC7F8A23-98D7-E69B-F54F-C373D1273FEB}
2016-01-09 10:04 - 2016-01-09 13:34 - 00000000 ____D C:\Users\Ruth\AppData\Local\Setup2213841
2016-01-09 10:04 - 2016-01-09 10:04 - 00000000 ____D C:\Users\Ruth\AppData\Local\noso
2016-01-09 10:01 - 2016-01-09 10:00 - 00459696 _____ C:\Users\Ruth\Downloads\System Mechanic Setup [1].exe
2016-01-09 09:55 - 2016-01-09 09:55 - 00979560 _____ (App ) C:\Users\Ruth\Downloads\System Mechanic Setup.exe
2016-01-09 09:15 - 2016-01-09 13:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2016-01-09 08:50 - 2016-01-09 08:50 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-01-09 08:50 - 2016-01-09 08:50 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-01-09 08:47 - 2016-01-09 08:47 - 00002614 _____ C:\Users\Public\Desktop\Norton AntiVirus Online.LNK
2016-01-09 08:46 - 2016-01-09 21:10 - 00000000 ____D C:\Windows\system32\Drivers\NAVx64
2016-01-09 08:46 - 2016-01-09 13:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus Online
2016-01-09 08:42 - 2016-01-09 08:42 - 00001718 _____ C:\Users\Ruth\Desktop\centurylink.net.lnk
2016-01-09 08:04 - 2016-01-09 08:04 - 00001236 _____ C:\Users\Ruth\Desktop\Norton AntiVirus - Shortcut.lnk
2016-01-09 07:46 - 2016-01-09 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-09 07:29 - 2016-01-09 08:45 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-09 07:27 - 2016-01-09 07:28 - 14243008 _____ (Microsoft Corporation) C:\Users\Ruth\Downloads\mseinstall(1).exe
2016-01-09 07:27 - 2016-01-09 07:27 - 14243008 _____ (Microsoft Corporation) C:\Users\Ruth\Downloads\mseinstall.exe
2016-01-09 06:07 - 2016-01-09 06:08 - 00000000 ___DC C:\480b96ff7a09a84d78
2016-01-09 05:59 - 2016-01-09 05:59 - 00000000 ___HD C:\Windows\AxInstSV
2016-01-09 05:43 - 2016-01-09 05:43 - 00032811 _____ C:\Users\Ruth\Documents\What do you do.abw
2016-01-09 05:39 - 2016-01-09 05:39 - 00022436 _____ C:\Users\Ruth\Documents\Arizona SECURITY DEPOSIT.abw
2016-01-09 05:23 - 2016-01-09 05:23 - 00009017 _____ C:\Users\Ruth\Documents\Waiver of lien.abw
2016-01-09 05:22 - 2016-01-09 05:22 - 00028456 _____ C:\Users\Ruth\Documents\request for repairs.abw
2016-01-09 05:20 - 2016-01-09 05:20 - 00011101 _____ C:\Users\Ruth\Documents\notice of return of security deposit if not returned.abw
2016-01-09 05:16 - 2016-01-09 05:16 - 00005730 _____ C:\Users\Ruth\Documents\info about late fees.abw
2016-01-09 05:13 - 2016-01-09 05:13 - 00004703 _____ C:\Users\Ruth\Documents\rent increase info.abw
2016-01-09 05:07 - 2016-01-09 05:07 - 00044176 _____ C:\Users\Ruth\Documents\information about move-inand move-out list.abw
2016-01-09 05:04 - 2016-01-09 05:04 - 00034102 _____ C:\Users\Ruth\Documents\security deposit info.abw
2016-01-09 05:00 - 2016-01-09 05:00 - 00008579 _____ C:\Users\Ruth\Documents\partial payment info.abw
2016-01-09 04:59 - 2016-01-09 04:59 - 00021484 _____ C:\Users\Ruth\Documents\notice of vacating.abw
2016-01-09 04:17 - 2016-01-09 04:17 - 00012295 _____ C:\Users\Ruth\Documents\important phone numbers.abw
2016-01-09 04:10 - 2016-01-09 04:10 - 00010964 _____ C:\Users\Ruth\Documents\des letter 3013.abw
2016-01-09 04:04 - 2016-01-09 04:04 - 00000000 ____D C:\Users\Ruth\Documents\New folder
2016-01-09 03:41 - 2016-01-09 03:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-06 12:47 - 2016-01-06 12:47 - 00008846 _____ C:\Users\Ruth\Documents\for max.abw
2016-01-06 12:03 - 2016-01-06 12:03 - 00930900 _____ C:\Users\Ruth\Documents\az_tenant_rights_2009.pdf
2016-01-06 11:37 - 2016-01-06 11:37 - 00000000 ____D C:\Users\Ruth\Documents\westwood apartments rental agreement
2016-01-06 11:34 - 2013-01-16 08:28 - 00430712 _____ C:\Users\Ruth\Documents\air purifier info.PDF
2016-01-06 11:33 - 2014-01-17 02:34 - 00016504 _____ C:\Users\Ruth\Documents\Fieldtex-HealthChoiceAZ Invoice.htm
2016-01-06 11:33 - 2013-02-27 13:23 - 00116333 _____ C:\Users\Ruth\Documents\Joseph_resume (1).pages
2016-01-06 11:33 - 2013-02-27 13:22 - 00116333 _____ C:\Users\Ruth\Documents\Joseph_resume.pages
2016-01-06 10:59 - 2016-01-06 10:59 - 00000000 ____D C:\Users\Ruth\AppData\LocalLow\Adobe
2016-01-04 08:50 - 2016-01-05 02:00 - 00000000 ____D C:\Users\Ruth\Documents\Direct Express ®2_files
2016-01-04 08:50 - 2016-01-05 02:00 - 00000000 ____D C:\Users\Ruth\Documents\Direct Express ®_files
2016-01-04 08:50 - 2016-01-04 08:50 - 00020861 _____ C:\Users\Ruth\Documents\Direct Express ®.htm
2016-01-04 08:50 - 2016-01-04 08:50 - 00014304 _____ C:\Users\Ruth\Documents\Direct Express ®2.htm
2016-01-04 08:34 - 2016-01-09 13:34 - 00000000 ___DC C:\Program Files\Common Files\Symantec Shared
2016-01-04 08:28 - 2016-01-09 08:46 - 00000000 ____D C:\Program Files (x86)\Norton AntiVirus
2016-01-04 07:52 - 2016-01-04 08:01 - 00000000 ____D C:\ProgramData\CenturyLink
2016-01-04 06:28 - 2016-01-09 21:10 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-01-04 06:28 - 2016-01-05 02:27 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2016-01-04 05:27 - 2016-01-09 19:42 - 00000000 ____D C:\Users\Ruth\Documents\My Digital Editions
2016-01-04 04:37 - 2016-01-04 04:37 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\ioloGovernor
2016-01-04 04:37 - 2016-01-04 04:37 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-01-04 04:37 - 2016-01-04 04:37 - 00000000 ____D C:\Program Files (x86)\iolo
2016-01-04 04:34 - 2016-01-04 04:34 - 00000000 ___DC C:\iolo
2016-01-04 04:33 - 2016-01-05 02:27 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\iolo
2016-01-04 04:33 - 2016-01-05 02:00 - 00000000 ____D C:\ProgramData\iolo
2016-01-03 20:17 - 2016-01-03 20:17 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\Sun
2016-01-03 20:17 - 2016-01-03 20:17 - 00000000 ____D C:\Users\Ruth\AppData\LocalLow\Sun
2016-01-03 20:17 - 2016-01-03 20:17 - 00000000 ____D C:\Users\Ruth\.oracle_jre_usage
2016-01-03 20:16 - 2016-01-09 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-03 20:15 - 2016-01-06 03:19 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-03 20:13 - 2016-01-06 03:21 - 00000000 ____D C:\ProgramData\Oracle
2016-01-03 20:13 - 2016-01-03 20:13 - 00000000 ____D C:\Users\Ruth\AppData\LocalLow\Oracle
2016-01-02 20:30 - 2016-01-03 23:51 - 00000000 ____D C:\Users\Ruth\Desktop\Old Firefox Data
2015-12-31 08:20 - 2015-12-31 08:20 - 00094276 _____ C:\Users\Ruth\Documents\report.abw
2015-12-31 06:17 - 2015-12-31 06:17 - 00149556 _____ C:\Users\Ruth\Documents\ruth harris_TransUnion Personal Credit Report_20151231.pdf
2015-12-31 06:16 - 2015-12-31 06:16 - 00000000 ____D C:\ProgramData\McAfee
2015-12-31 06:15 - 2016-01-05 02:25 - 00000000 ____D C:\ProgramData\Adobe
2015-12-29 11:34 - 2015-12-29 11:37 - 00000000 ____D C:\Users\Ruth\Documents\dustin
2015-12-26 09:11 - 2015-12-26 09:11 - 00007597 _____ C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg
2015-12-23 18:24 - 2015-12-23 18:26 - 00000000 ____D C:\Users\Ruth\Documents\recipes
2015-12-23 18:23 - 2015-12-23 18:26 - 00000000 ____D C:\Users\Ruth\Documents\home remedy tips
2015-12-23 18:22 - 2015-12-23 18:22 - 00000000 ____D C:\Users\Ruth\Documents\orbit busses
2015-12-23 18:15 - 2016-01-04 04:57 - 00000000 ____D C:\Users\Ruth\AppData\Local\Foxit Reader
2015-12-23 17:59 - 2015-12-23 17:59 - 00021462 _____ C:\Users\Ruth\Documents\phone numbers.abw
2015-12-23 17:54 - 2015-12-23 17:54 - 00420689 _____ C:\Users\Ruth\Documents\rental lease for 8th place.abw
2015-12-22 01:07 - 2016-01-09 04:04 - 00000000 ____D C:\Users\Ruth\Documents\dan
2015-12-20 15:42 - 2015-12-20 15:42 - 00001469 _____ C:\Users\Ruth\AppData\Local\recently-used.xbel
2015-12-20 15:39 - 2015-12-20 15:39 - 00000000 ____D C:\Users\Ruth\AppData\Local\gtk-2.0
2015-12-19 22:43 - 2015-12-19 22:43 - 00000000 ____D C:\Users\Ruth\AppData\Local\webkit
2015-12-19 22:23 - 2015-12-19 22:23 - 00000000 ____D C:\Users\Ruth\AppData\Local\gegl-0.2
2015-12-19 22:23 - 2015-12-19 22:23 - 00000000 ____D C:\Users\Ruth\AppData\Local\fontconfig
2015-12-12 09:01 - 2015-12-12 09:01 - 00274360 _____ C:\Windows\Minidump\121215-19406-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 00:18 - 2015-08-12 12:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 00:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2016-01-09 23:56 - 2009-07-13 21:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 23:56 - 2009-07-13 21:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 23:27 - 2015-11-26 01:26 - 00000288 _____ C:\Windows\Tasks\UpdaterEX.job
2016-01-09 21:18 - 2015-11-01 12:36 - 00000000 ____D C:\Program Files (x86)\Qwest
2016-01-09 21:17 - 2015-11-01 12:35 - 00000000 ____D C:\Program Files (x86)\CenturyLink
2016-01-09 20:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-09 20:37 - 2015-11-02 09:20 - 01112625 _____ C:\Windows\system32\Drivers\sfi.dat
2016-01-09 19:56 - 2015-11-01 13:43 - 00000000 ____D C:\ProgramData\Norton
2016-01-09 19:42 - 2015-11-27 06:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-09 17:13 - 2015-08-12 12:46 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-09 13:34 - 2015-12-08 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
2016-01-09 13:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-09 13:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-01-09 13:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-01-09 13:32 - 2015-10-25 16:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 12:36 - 2015-08-11 19:41 - 00000000 ____D C:\Users\Ruth
2016-01-09 08:51 - 2015-11-01 13:45 - 00003252 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-01-09 08:22 - 2009-07-13 22:13 - 00210506 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-09 08:18 - 2015-10-30 22:49 - 00000000 ____D C:\Users\Ruth\AbiSuite
2016-01-09 06:44 - 2015-11-27 09:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-01-09 06:44 - 2015-11-27 06:55 - 00000000 ____D C:\Users\Ruth\AppData\Local\Adobe_Systems_Incorporate
2016-01-09 06:44 - 2015-10-20 20:25 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2016-01-09 06:44 - 2015-09-30 07:50 - 00000000 ____D C:\Windows\Minidump
2016-01-09 06:44 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-01-09 06:44 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-09 06:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-01-09 06:42 - 2015-11-18 02:55 - 00000000 ____D C:\Users\Ruth\AppData\Local\Mozilla
2016-01-09 06:41 - 2015-11-27 09:40 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-01-09 05:44 - 2015-11-13 21:45 - 00000000 ____D C:\Users\Ruth\Documents\standage place apartments
2016-01-09 04:07 - 2015-10-20 23:18 - 00000000 ____D C:\Users\Ruth\Documents\passwords
2016-01-09 03:46 - 2015-11-27 09:35 - 00000000 ____D C:\Users\Ruth\AppData\Local\Windows Live
2016-01-06 11:00 - 2015-08-12 12:45 - 00000000 ____D C:\Users\Ruth\AppData\Local\Adobe
2016-01-06 10:59 - 2015-11-19 04:58 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\Adobe
2015-12-29 20:12 - 2015-10-22 14:54 - 00000000 ____D C:\Users\Ruth\AppData\Local\ElevatedDiagnostics
2015-12-28 14:18 - 2015-08-12 12:46 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-28 14:18 - 2015-08-12 12:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 12:12 - 2015-11-28 07:59 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\QuickScan
2015-12-23 18:26 - 2015-10-22 14:31 - 00000000 ____D C:\Users\Ruth\Documents\quotes, sayings and poems
2015-12-23 18:19 - 2015-10-22 14:28 - 00000000 ____D C:\Users\Ruth\Documents\assurance wireless
2015-12-23 18:18 - 2015-11-13 21:46 - 00000000 ____D C:\Users\Ruth\Documents\desert willow apartments
2015-12-23 18:06 - 2015-11-13 21:50 - 00000000 ____D C:\Users\Ruth\Documents\des
2015-12-23 18:05 - 2015-10-22 14:30 - 00000000 ____D C:\Users\Ruth\Documents\my personal information
2015-12-22 14:10 - 2015-11-09 08:24 - 00000000 ____D C:\Users\Ruth\AppData\Local\AvgSetupLog
2015-12-22 03:18 - 2009-07-14 00:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-12-22 03:18 - 2009-07-14 00:46 - 00000000 ____D C:\Windows\ShellNew
2015-12-22 03:18 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-22 03:18 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-12-22 03:18 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-22 03:18 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-12-22 03:18 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Setup
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ras
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\oobe
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lv-LV
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lt-LT
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ias
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\et-EE
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\L2Schemas
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-22 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Services
2015-12-12 09:01 - 2015-11-02 22:00 - 204382267 _____ C:\Windows\MEMORY.DMP

==================== Files in the root of some directories =======

2015-12-20 15:42 - 2015-12-20 15:42 - 0001469 _____ () C:\Users\Ruth\AppData\Local\recently-used.xbel
2015-12-26 09:11 - 2015-12-26 09:11 - 0007597 _____ () C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Ruth\AppData\Local\Temp\ICReinstall_System Mechanic Setup.exe
C:\Users\Ruth\AppData\Local\Temp\NAV2015.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-31 08:14

==================== End of FRST.txt ============================