
Cleaning Junk from my Computer [Solved]


  • This topic is locked

#16
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 

Right now, I'm still getting the Spyware Blaster update request although I've deleted that program through the program file.

 

That means some parts of it are still there. We'll get rid of them.



Update outdated software

Staying up to date is crucial, not only for your operating system but also for any installed third-party software.
Your logs clearly indicate that some of your software needs updating.

Updating Mozilla Firefox manually

  • Please open Firefox.
  • Click the Firefox menu icon.
  • Click Help and select About Firefox.
  • Firefox will search for any updates and start downloading them automatically.
  • When the updates are ready, you will be prompted to restart Firefox. Please do it.

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control Panel, please also remove any older versions of Java - do not leave them installed!

Remember to always keep them updated.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.




#17
lesadale

    Member

  • Topic Starter
  • 55 posts

Here are the new scans:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Lesa (administrator) on LESA-PC on 22-10-2014 11:40:59
Running from C:\Users\Lesa\Downloads
Loaded Profile: Lesa (Available profiles: Lesa)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM) C:\ASUS.SYS\config\DVMExportService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hightail Inc.) C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent, Inc.) C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV\TurboV.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-01-27] (LogMeIn, Inc.)
HKLM\...\Run: [Hightail Sync Agent] => C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7040056 2013-10-28] (Hightail Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2252800 2009-08-28] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1769472 2009-06-02] ()
HKLM-x32\...\Run: [TurboV] => C:\Program Files\ASUS\TurboV\TurboV.exe [5516800 2009-10-26] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\facebook\uninstall.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\facebook\uninstall.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\facebook\uninstall.exe <====== ATTENTION
HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\...\Run: [BitTorrent DNA] => C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe [323392 2002-01-01] (BitTorrent, Inc.)
HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\...\Run: [Google Update] => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\...\Run: [GoogleChromeAutoLaunch_E6657658FBB2FFBE69E67E8E7B31DA16] => C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-09-22] (Google Inc.)
HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x871F0B7F4DC0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\4zvb12bh.default-1413995724453
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA -> C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Lesa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Lesa\Program Files (x86)\DNA
FF Extension: DNA - C:\Users\Lesa\Program Files (x86)\DNA [2002-01-01]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2013-12-26]
CHR Extension: (Save to Pocket) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-30]
CHR Extension: (Google Wallet) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-10-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-04-22] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] () [File not signed]
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [294912 2009-04-10] (DeviceVM) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-07-11] (Mozy, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-09-06] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.) [File not signed]
R2 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe [157000 2007-10-08] (Smith Micro Software, Inc.)
S2 SessionLauncher; C:\Users\Lesa\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-14] (AVG Technologies)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-09-28] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
U2 wuaserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 11:40 - 2014-10-22 11:40 - 00000000 ____D () C:\Users\Lesa\Downloads\FRST-OlderVersion
2014-10-22 11:40 - 2014-10-18 08:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-22 11:40 - 2014-10-18 08:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-22 11:40 - 2014-10-18 08:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-22 11:36 - 2014-10-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-22 11:35 - 2014-10-22 11:35 - 00000000 ____D () C:\Users\Lesa\Desktop\Old Firefox Data
2014-10-21 22:10 - 2014-10-21 22:10 - 00006049 _____ () C:\Users\Lesa\.recently-used.xbel
2014-10-21 15:33 - 2014-10-21 15:33 - 00000199 _____ () C:\Users\Lesa\.gtk-bookmarks
2014-10-21 12:18 - 2014-10-21 12:19 - 00854448 _____ () C:\Users\Lesa\Downloads\SecurityCheck.exe
2014-10-20 09:10 - 2014-10-20 09:11 - 208577772 _____ () C:\Users\Lesa\Downloads\SmartMoneySmartKids-Audiobook.zip
2014-10-20 09:01 - 2014-10-20 09:01 - 02347384 _____ (ESET) C:\Users\Lesa\Downloads\esetsmartinstaller_enu (1).exe
2014-10-19 23:59 - 2014-10-20 00:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lesa\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-10-19 09:46 - 2014-10-19 09:47 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lesa\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-19 08:50 - 2014-10-22 11:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 08:49 - 2014-10-19 08:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 08:49 - 2014-10-19 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 08:49 - 2014-10-19 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 08:49 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 08:49 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 08:49 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 08:48 - 2014-10-19 08:48 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lesa\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 22:10 - 2014-10-18 22:10 - 00011058 _____ () C:\Users\Lesa\Downloads\Result.txt
2014-10-18 22:09 - 2014-10-18 22:09 - 00401920 _____ (Farbar) C:\Users\Lesa\Downloads\MiniToolBox.exe
2014-10-18 09:12 - 2014-10-18 09:13 - 01976320 _____ () C:\Users\Lesa\Downloads\AdwCleaner (1).exe
2014-10-18 09:10 - 2014-10-18 09:10 - 00001153 _____ () C:\Users\Lesa\Desktop\JRT.txt
2014-10-18 09:06 - 2014-10-18 09:06 - 01705698 _____ (Thisisu) C:\Users\Lesa\Downloads\JRT (1).exe
2014-10-18 08:44 - 2014-10-18 08:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 23:54 - 2014-10-17 23:54 - 00021719 _____ () C:\Users\Lesa\Downloads\week_7_scores.xlsx
2014-10-17 23:52 - 2014-10-17 23:52 - 00021910 _____ () C:\Users\Lesa\Downloads\week_8_scores.xlsx
2014-10-17 23:51 - 2014-10-17 23:51 - 00056794 _____ () C:\Users\Lesa\Downloads\2014_brackets.xlsx
2014-10-17 11:19 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 11:19 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 11:19 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 11:19 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-17 08:58 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-17 08:58 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-17 08:58 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-17 08:58 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-17 08:58 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-17 08:58 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-17 08:58 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-17 08:58 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-17 08:58 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-17 08:58 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-17 08:58 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-17 08:58 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-17 08:58 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-17 08:58 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 08:58 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-17 08:58 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 08:57 - 2014-10-18 12:34 - 00042423 _____ () C:\Users\Lesa\Downloads\Addition.txt
2014-10-17 08:56 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-17 08:56 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-17 08:56 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-17 08:56 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-17 08:53 - 2014-10-22 11:41 - 00036567 _____ () C:\Users\Lesa\Downloads\FRST.txt
2014-10-17 08:53 - 2014-10-22 11:41 - 00000000 ____D () C:\FRST
2014-10-17 08:52 - 2014-10-22 11:40 - 02110976 _____ (Farbar) C:\Users\Lesa\Downloads\FRST64.exe
2014-10-17 08:50 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-17 08:50 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-17 08:50 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-17 08:50 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-17 08:50 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-17 08:50 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-17 08:50 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-17 08:50 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-17 08:50 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-17 08:50 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-17 08:50 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-17 08:50 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-17 08:50 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-17 08:50 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-17 08:50 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-17 08:50 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-17 08:50 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-17 08:50 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-17 08:50 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-17 08:50 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-17 08:50 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-17 08:50 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-17 08:50 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-17 08:50 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-17 08:50 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-17 08:50 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-17 08:50 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-17 08:50 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-17 08:50 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-17 08:50 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-17 08:50 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-17 08:50 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-17 08:50 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-17 08:50 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-17 08:50 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-17 08:50 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-17 08:50 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 14:08 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 14:08 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 14:08 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 14:08 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 14:08 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 14:08 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 14:08 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 14:08 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 14:08 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 14:08 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 14:08 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 14:08 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 14:08 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 14:08 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 14:08 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 14:08 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 14:08 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 14:08 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 14:08 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 14:08 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 14:08 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 14:08 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 14:08 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 14:08 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 14:08 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 14:08 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 14:08 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 14:08 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 14:08 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 14:08 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 14:08 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 14:08 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 14:08 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 14:08 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 14:08 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 14:08 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 14:08 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 14:08 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 14:08 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 14:08 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 14:08 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 14:07 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 14:07 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 14:07 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 14:07 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 14:07 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 14:07 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 14:07 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 14:07 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 14:07 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 14:07 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 14:07 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 14:07 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 14:07 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 14:07 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 14:07 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 14:07 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 14:07 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 14:07 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 14:07 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 14:07 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 14:07 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 14:07 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 14:07 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 14:07 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 14:07 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 14:06 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 14:06 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 14:06 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 14:06 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 14:06 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 14:06 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 14:06 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 14:06 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 14:06 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 14:06 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 14:06 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 14:06 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 14:06 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 14:06 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 14:06 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 14:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 14:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 09:18 - 2014-10-15 09:18 - 00602112 _____ (OldTimer Tools) C:\Users\Lesa\Downloads\OTL (1).exe
2014-10-13 09:15 - 2014-10-13 09:15 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-13 09:15 - 2014-10-13 09:15 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-13 09:13 - 2014-10-13 09:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-13 09:07 - 2014-10-13 09:07 - 00000000 ____D () C:\Users\Lesa\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-10-13 09:06 - 2014-10-13 09:06 - 140852175 _____ () C:\Users\Lesa\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-10-12 17:42 - 2014-10-12 17:42 - 00052561 _____ () C:\Users\Lesa\Downloads\adine-kirnberg.zip
2014-10-12 17:37 - 2014-10-12 17:37 - 01750006 _____ () C:\Users\Lesa\Downloads\agasilva_trufla-words (1).zip
2014-10-12 17:36 - 2014-10-12 17:36 - 01750006 _____ () C:\Users\Lesa\Downloads\agasilva_trufla-words.zip
2014-10-11 09:19 - 2014-10-11 09:20 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-10-11 09:13 - 2014-10-11 09:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-11 09:13 - 2014-10-11 09:13 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-08 01:01 - 2014-10-08 01:01 - 00339608 _____ () C:\Windows\Minidump\100814-29718-01.dmp
2014-10-07 23:12 - 2014-10-07 23:12 - 00339608 _____ () C:\Windows\Minidump\100714-70387-01.dmp
2014-10-03 02:09 - 2014-10-03 02:10 - 00000000 ____D () C:\Users\Lesa\Documents\SYC2014
2014-09-30 23:48 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 23:48 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 21:32 - 2014-09-30 21:32 - 00031754 _____ () C:\Users\Lesa\Downloads\cash-receipt.xlsx
2014-09-30 21:32 - 2014-09-30 21:32 - 00000165 ____H () C:\Users\Lesa\Downloads\~$cash-receipt.xlsx
2014-09-26 17:02 - 2014-09-26 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-26 16:59 - 2014-09-26 16:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-26 16:59 - 2014-09-26 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 16:57 - 2014-09-26 16:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 16:57 - 2014-09-26 16:59 - 00000000 ____D () C:\Program Files\iTunes
2014-09-26 16:57 - 2014-09-26 16:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-26 16:57 - 2014-09-26 16:57 - 00000000 ____D () C:\Program Files\iPod
2014-09-23 13:49 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 13:49 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 11:41 - 2002-01-01 00:43 - 00000000 ____D () C:\Users\Lesa\AppData\Roaming\DNA
2014-10-22 11:40 - 2010-06-11 20:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-22 11:37 - 2013-11-27 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-22 11:37 - 2013-11-21 19:38 - 02262956 _____ () C:\Windows\setupact.log
2014-10-22 11:25 - 2013-02-01 09:59 - 00000000 ____D () C:\Users\Lesa\Documents\Outlook Files
2014-10-22 11:09 - 2014-02-28 14:39 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3160849686-1691475319-3697074088-1001.job
2014-10-22 10:58 - 2010-03-23 15:16 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
2014-10-22 10:55 - 2012-04-02 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 04:04 - 2010-03-22 22:10 - 01078060 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 03:58 - 2011-09-12 10:18 - 00003740 _____ () C:\Windows\mozy.blk
2014-10-22 03:58 - 2011-09-12 10:18 - 00003196 _____ () C:\Windows\mozy.flt
2014-10-22 03:21 - 2009-07-13 23:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 03:21 - 2009-07-13 23:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 02:40 - 2011-09-14 12:01 - 00035328 ___SH () C:\Users\Lesa\Documents\Thumbs.db
2014-10-22 02:40 - 2010-07-28 14:45 - 00000000 ____D () C:\Users\Lesa\Documents\Dustin
2014-10-22 02:20 - 2011-02-26 20:51 - 00000467 _____ () C:\Windows\BRWMARK.INI
2014-10-22 01:58 - 2014-01-27 22:50 - 00000000 ____D () C:\Users\Lesa\Documents\Financial Coaching
2014-10-22 01:58 - 2010-03-23 15:16 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
2014-10-22 01:53 - 2010-03-23 15:16 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA
2014-10-22 01:53 - 2010-03-23 15:16 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core
2014-10-22 00:28 - 2011-03-01 23:02 - 00000000 ____D () C:\Users\Lesa\.gimp-2.6
2014-10-22 00:21 - 2011-02-08 15:52 - 00000000 ____D () C:\ProgramData\Temp
2014-10-21 23:44 - 2010-06-21 08:40 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-21 22:10 - 2013-10-22 14:30 - 00000000 ____D () C:\Users\Lesa\Documents\2DoWebs
2014-10-21 22:10 - 2011-03-01 23:05 - 00000000 ____D () C:\Users\Lesa\AppData\Roaming\gtk-2.0
2014-10-21 22:10 - 2010-03-22 18:21 - 00000000 ____D () C:\Users\Lesa
2014-10-21 14:49 - 2010-05-14 19:52 - 00000000 ____D () C:\Users\Lesa\Documents\Lesa's Stuff
2014-10-20 17:04 - 2011-07-13 12:00 - 00000000 ___RD () C:\Users\Lesa\Documents\Security
2014-10-20 09:14 - 2011-05-06 20:28 - 00000000 ____D () C:\Users\Lesa\AppData\Local\SMSI
2014-10-20 00:11 - 2014-02-28 14:39 - 00003578 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3160849686-1691475319-3697074088-1001
2014-10-19 23:54 - 2010-08-16 04:08 - 00000000 ____D () C:\Users\Lesa\AppData\Local\CrashDumps
2014-10-19 23:44 - 2014-01-25 23:46 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-19 23:44 - 2014-01-25 23:46 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-19 23:44 - 2010-03-23 16:10 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 10:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-19 10:01 - 2010-03-23 15:02 - 01999324 _____ () C:\Windows\PFRO.log
2014-10-19 08:49 - 2011-07-13 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 09:22 - 2013-11-27 10:22 - 00000000 ____D () C:\AdwCleaner
2014-10-18 08:45 - 2013-10-16 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 09:55 - 2010-06-17 20:49 - 00000059 _____ () C:\Windows\wpd99.drv
2014-10-17 09:55 - 2010-06-17 20:49 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-17 09:50 - 2009-07-14 00:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 09:32 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-17 09:26 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 09:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 09:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 09:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-17 03:47 - 2009-07-13 23:45 - 00518880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:44 - 2014-06-05 03:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:25 - 2010-04-14 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-17 03:17 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:01 - 2010-04-14 14:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-15 09:36 - 2011-07-13 11:58 - 00066816 _____ () C:\Users\Lesa\Downloads\Extras.Txt
2014-10-15 09:35 - 2011-07-13 11:57 - 00091308 _____ () C:\Users\Lesa\Downloads\OTL.Txt
2014-10-14 08:39 - 2010-08-30 08:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-14 08:26 - 2010-03-23 15:14 - 00149048 _____ () C:\Users\Lesa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 09:13 - 2002-01-01 00:56 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-10-12 17:39 - 2010-06-18 18:45 - 00000000 ____D () C:\Users\Lesa\Documents\Printing
2014-10-11 10:30 - 2010-08-30 08:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-10-11 09:31 - 2010-04-30 08:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-11 09:30 - 2010-04-30 08:42 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-10-11 09:30 - 2010-04-30 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-10-11 09:25 - 2010-04-30 08:42 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-10-11 09:13 - 2010-04-30 09:34 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-11 09:13 - 2010-04-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-08 18:45 - 2011-07-13 13:56 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-08 01:01 - 2014-02-25 01:54 - 422566106 _____ () C:\Windows\MEMORY.DMP
2014-10-08 01:01 - 2010-03-22 22:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-03 09:51 - 2013-02-13 11:07 - 00000000 ___RD () C:\Users\Lesa\Hightail
2014-10-01 20:42 - 2010-05-14 10:32 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
2014-10-01 20:42 - 2010-05-14 10:32 - 00000000 ____D () C:\Program Files\MozyHome
2014-09-27 16:19 - 2011-07-13 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-27 16:09 - 2013-11-21 01:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-27 09:35 - 2014-01-16 17:52 - 00000000 ____D () C:\Users\Lesa\Documents\91 Day Quantum Challenge
2014-09-23 18:55 - 2013-12-10 20:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 18:55 - 2012-04-02 09:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 18:55 - 2011-05-16 07:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 01:42 - 2010-03-22 20:37 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Lesa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbxr7sx.dll
C:\Users\Lesa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lesa\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Lesa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Lesa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lesa\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 15:36
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Lesa at 2014-10-22 11:42:48
Running from C:\Users\Lesa\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
All-in-One PDF 4.0 (HKLM-x32\...\All-in-One PDF) (Version: 4.0 - )
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)
AMD OverDrive (HKLM-x32\...\{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}) (Version: 3.0.1.0287 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{2A3636F8-1207-DFA3-E4E2-A78CCD798795}) (Version: 3.0.745.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9440CN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 6 (HKLM-x32\...\{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}) (Version: 6.0.0 - TechSmith Corporation)
Catalyst Control Center Core Implementation (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0918.2132.36825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help English (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help French (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help German (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0918.2131.36825 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
ccc-utility64 (Version: 2009.0918.2132.36825 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.7.1801 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dave Ramsey's Financial Peace Financial Software 5.4.1 (HKLM-x32\...\Dave Ramsey's Financial Peace Financial Software 5.45.4) (Version: 5.4.1 - The Lampo Group, Inc)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FileZilla Client 3.6.0.2 (HKCU\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
GoToMeeting 6.4.4.1831 (HKCU\...\GoToMeeting) (Version: 6.4.4.1831 - CitrixOnline)
GPU NOS (HKLM-x32\...\{3356EDC7-9373-4D5D-852D-9AB7DBB5A7FC}) (Version: 1.00.10 - )
Hightail Desktop App (HKLM\...\{A1B827F9-8A85-4DEE-8E72-3CF347F71999}) (Version: 2.4.7.1621 - Hightail)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
Kindle Comic Creator (HKCU\...\KC2) (Version: 1.100 - Amazon)
Kindle Previewer (HKCU\...\KindlePreviewer) (Version: 2.92 - Amazon)
LogMeIn (HKLM-x32\...\{4475560E-9418-4908-A158-472D873AE139}) (Version: 4.1.1310 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.00 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.00 - Alliance Software Pty Ltd) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MozyHome (HKLM\...\{DCFDCF4D-F10C-322C-AA4B-5B9A5E3D278B}) (Version: 2.26.7.405 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pamela Pro 4.7 (HKLM-x32\...\Pamela) (Version: 4.7 - Scendix Software GmbH)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.83 - ASUSTeK Computer Inc.)
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.26 - AMD)
RAIDXpert (x32 Version: 2.4.1540.26 - AMD) Hidden
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Creator Premier (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Premier 10 (x32 Version: 10.2.606 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
ScorpionSaver (HKLM-x32\...\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{92109C97-2662-4353-9386-B64309F595C9}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{373498cd-d26b-4c15-928f-b99d07e5739e}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
StuffIt 11 (HKLM-x32\...\{9D2B054C-D335-4870-ADFB-BC645CCC3C76}) (Version: 11.2.0 - SmithMicro)
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.00.13 - )
TurboV (HKLM-x32\...\{A31951C5-DCD8-4DFE-A525-CFC701F54792}) (Version: 1.01.05 - )
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.47 - Creative Island Media, LLC) <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
YNAB 4 version 4.3.624 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.624 - YouNeedABudget.com)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lesa\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lesa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lesa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3160849686-1691475319-3697074088-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lesa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
18-10-2014 08:00:13 Windows Update
18-10-2014 13:41:59 Installed Java 7 Update 71
19-10-2014 08:00:13 Windows Update
22-10-2014 08:17:59 Windows Update
22-10-2014 16:38:46 Removed Java™ 6 Update 22
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-11-25 12:12 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02C7CEB8-1B5C-4FAE-9052-7DC13E10D6E7} - System32\Tasks\ASUS\ASUS GPU NOS => C:\Program Files (x86)\ASUS\GPU NOS\Gpu.exe [2009-10-20] (ASUSTeK Computer Inc.)
Task: {47FA44C4-DC2F-4F2A-90BC-D7AB78B7E1C3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe
Task: {4A152924-221F-4098-BA0B-1421C9E0D34E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {4BFB90EA-B083-4108-93F7-0EFE4C9406C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {504E3C1D-7744-482F-852E-9D6E46215B73} - System32\Tasks\{FD14F46C-FBD1-4653-A594-B3A5CF8879F9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {613F9E99-1DD6-4CAA-9254-3FC8A11E1A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75A5A063-23C9-4381-A9F5-C2D75A28BA2F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-08-19] (ASUSTeK Computer Inc.)
Task: {79C54ECD-C02B-4F2A-8290-C03710DC03FA} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {98FE8AEC-8BCF-462A-A3DB-F1CB2CF4217B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {9F801E77-6E29-4767-8B93-CCFB701DB816} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()
Task: {B64F49CB-FC06-445F-919D-330336666FE8} - System32\Tasks\G2MUpdateTask-S-1-5-21-3160849686-1691475319-3697074088-1001 => C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F3B4F081-B360-43AE-8DED-CBCDE30C038B} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {F9B48E44-1A29-4BC9-BC7B-EB57CF188596} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-10-08] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3160849686-1691475319-3697074088-1001.job => C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-18 14:06 - 2007-07-12 22:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2010-06-17 20:49 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2009-03-16 00:47 - 2009-03-16 00:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2010-04-30 09:39 - 2009-04-01 23:27 - 00090112 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2010-10-18 13:51 - 2009-09-06 12:38 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
2011-02-26 20:49 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-03-16 00:47 - 2009-03-16 00:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-03-16 00:47 - 2009-03-16 00:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2010-04-30 08:39 - 2009-05-07 03:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-04-30 08:39 - 2009-05-07 03:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-04-30 08:39 - 2008-01-18 01:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-04-30 08:39 - 2009-08-27 22:31 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2010-04-30 09:39 - 2009-06-02 19:31 - 01769472 _____ () C:\Program Files\ASUS\Turbo Key\TurboKey.exe
2010-04-30 08:42 - 2010-04-30 08:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2010-04-30 09:39 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll
2010-04-30 09:39 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll
2010-04-30 09:39 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll
2014-09-24 19:57 - 2014-09-22 23:06 - 01098056 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 19:57 - 2014-09-22 23:06 - 00174408 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2010-04-30 09:39 - 2008-12-10 20:27 - 00565248 _____ () C:\Program Files\ASUS\TurboV\pngio.dll
2010-04-30 09:39 - 2009-10-26 14:52 - 00135680 _____ () C:\Program Files\ASUS\TurboV\TVOCLIB.DLL
2014-09-24 19:57 - 2014-09-22 23:07 - 08577864 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 19:57 - 2014-09-22 23:07 - 00331592 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 19:57 - 2014-09-22 23:06 - 01660232 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2011-02-26 20:49 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3160849686-1691475319-3697074088-500 - Administrator - Disabled)
Guest (S-1-5-21-3160849686-1691475319-3697074088-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3160849686-1691475319-3697074088-1002 - Limited - Enabled)
Lesa (S-1-5-21-3160849686-1691475319-3697074088-1001 - Administrator - Enabled) => C:\Users\Lesa
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2014 03:30:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/22/2014 03:26:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/22/2014 03:25:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/22/2014 03:20:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/21/2014 10:53:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/21/2014 02:01:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/21/2014 01:59:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/21/2014 01:58:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/21/2014 01:54:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/20/2014 03:49:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (10/22/2014 04:11:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (10/22/2014 04:11:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (10/22/2014 04:11:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (10/22/2014 04:11:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (10/22/2014 04:11:54 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630203
 
Error: (10/22/2014 04:11:54 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630203
 
Error: (10/22/2014 01:11:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (10/22/2014 01:11:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (10/22/2014 01:11:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (10/22/2014 01:11:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
 
Microsoft Office Sessions:
=========================
Error: (10/22/2014 03:30:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/22/2014 03:26:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe
 
Error: (10/22/2014 03:25:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\ScanSoft\PaperPort\CheckPPItem.exe
 
Error: (10/22/2014 03:20:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\Setup.exe
 
Error: (10/21/2014 10:53:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lesa\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/21/2014 02:01:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/21/2014 01:59:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe
 
Error: (10/21/2014 01:58:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\ScanSoft\PaperPort\CheckPPItem.exe
 
Error: (10/21/2014 01:54:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\Setup.exe
 
Error: (10/20/2014 03:49:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-21 18:17:54.536
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-21 18:17:54.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-21 18:17:53.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-21 18:17:53.516
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-22 06:29:12.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-22 06:29:12.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 945 Processor
Percentage of memory in use: 64%
Total physical RAM: 3839.18 MB
Available physical RAM: 1380.87 MB
Total Pagefile: 7676.53 MB
Available Pagefile: 3266.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:29.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: FB37FB37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#18
Naathim
Hi :)





Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • ScorpionSaver
  • Snap.Do
  • Snap.Do Engine
  • Updater

After completing uninstalls, please manually reboot your machine!



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    {D54E3D9F-FEB8-4D2D-A138-B69A5C80080B};c
    {92109C97-2662-4353-9386-B64309F595C9};c
    {373498cd-d26b-4c15-928f-b99d07e5739e};c
    {273E1F1A-7B1A-436C-A783-A4A8C97AD036};c
    C:\Program Files (x86)\SpywareBlaster;fs
    {9F801E77-6E29-4767-8B93-CCFB701DB816};c
    C:\ProgramData\Temp;fs
    md C:\ProgramData\Temp>>%temp%\log.txt;b
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!



Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.

  • Right-click on the Farbar Service Scanner icon and select Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run from.

Please include that log in your next reply.
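
How the FRST log ties to the script in this post, as an added example (not part of the original post, and not code from FRST or ZOEK): a small Python parser for FRST `Task:` lines that lists scheduled tasks still pointing at a program the user believes is removed. The sample lines are copied from the FRST log in this thread; the function names and the `removed` keyword list are assumptions of the example.

```python
import re
from collections import defaultdict

# Two shapes of FRST "Task:" line appear in the log in this thread:
#   Task: {GUID} - System32\Tasks\<name> => <target> [YYYY-MM-DD] (<company>)
#   Task: C:\Windows\Tasks\<name>.job => <target>
# The GUID prefix and the "[date] (company)" suffix are both optional.
TASK_RE = re.compile(
    r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?"
    r"(?P<location>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))?$"
)

# Lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
Task: {79C54ECD-C02B-4F2A-8290-C03710DC03FA} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {98FE8AEC-8BCF-462A-A3DB-F1CB2CF4217B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {9F801E77-6E29-4767-8B93-CCFB701DB816} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe
"""


def parse_tasks(log_text):
    """Return one dict per Task: line; lines that do not parse are skipped."""
    tasks = []
    for line in log_text.splitlines():
        match = TASK_RE.match(line.strip())
        if match is None:
            continue
        task = match.groupdict()
        # Short name: last path component, without the legacy ".job" suffix.
        name = task["location"].rsplit("\\", 1)[-1]
        if name.lower().endswith(".job"):
            name = name[:-4]
        task["name"] = name
        tasks.append(task)
    return tasks


def leftovers(tasks, removed):
    """Tasks whose location or target still mentions a removed program."""
    wanted = [word.lower() for word in removed]
    return [
        t for t in tasks
        if any(w in (t["location"] + " " + t["target"]).lower() for w in wanted)
    ]


def registered_twice(tasks):
    """Task names listed both with a GUID and as a legacy .job file."""
    seen = defaultdict(set)
    for t in tasks:
        seen[t["name"]].add("modern" if t["guid"] else "legacy")
    return sorted(name for name, kinds in seen.items() if len(kinds) == 2)


if __name__ == "__main__":
    parsed = parse_tasks(SAMPLE_LOG)
    # "SpywareBlaster" is the program the user reported deleting by hand.
    for t in leftovers(parsed, ["SpywareBlaster"]):
        print(t["guid"], t["name"], "->", t["target"])
    print("registered twice:", registered_twice(parsed))
```

The GUID reported for the SpywareBlaster task is the same one that appears in the script in this post.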


#19
lesadale

    Member

  • Topic Starter
  • 55 posts

Could not find ScorpionSaver.  SnapDo and SnapDo Engine would not let me remove them and Updater said it had already been removed.


#20
Naathim

Proceed with ZOEK & FSS :)


#21
lesadale

Here is the zoek-results:

 

 
Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Lesa on Wed 10/22/2014 at 22:04:50.55.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lesa\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
10/22/2014 10:08:48 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92109C97-2662-4353-9386-B64309F595C9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
Acrobat.com  
Adobe AIR  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Reader XI (11.0.09)  
All-in-One PDF 4.0  
Amazon MP3 Downloader 1.0.10  
Amazon Send to Kindle  
AMD OverDrive  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
ASUSUpdate  
ATI Catalyst Install Manager  
Audacity 1.2.6  
Audacity 1.3.13 (Unicode)  
Bonjour  
Brother MFL-Pro Suite MFC-9440CN  
Camtasia Studio 6  
Catalyst Control Center Core Implementation  
Catalyst Control Center Graphics Full Existing  
Catalyst Control Center Graphics Full New  
Catalyst Control Center Graphics Light  
Catalyst Control Center Graphics Previews Vista  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-core-static  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CDBurnerXP  
Citrix Online Launcher  
CryptoPrevent v4.3.0  
CutePDF Writer 2.7  
Dave Ramsey's Financial Peace Financial Software 5.4.1  
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition  
Diagnostic Utility  
DirectXInstallService  
DNA  
Dropbox  
EMCGadgets64  
Facebook Plug-In  
FileZilla Client 3.6.0.2  
GIMP 2.6.10  
Google Calendar Sync  
Google Chrome  
GoToMeeting 6.4.4.1831  
GPU NOS  
Hightail Desktop App  
iCloud  
iTunes  
Java 7 Update 71  
Java Auto Updater  
KeyScrambler  
Kindle Comic Creator  
Kindle Previewer  
LogMeIn  
Malwarebytes Anti-Malware version 2.0.3.1025  
Market Samurai  
Microsoft .NET Framework 4 Multi-Targeting Pack  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Help Viewer 1.0  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office File Validation Add-In  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Word MUI (English) 2010  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Mozilla Firefox 27.0.1 (x86 en-US)  
Mozilla Maintenance Service  
MozyHome  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
OpenOffice 4.1.1  
Pamela Pro 4.7  
PaperPort Image Printer 64-bit  
PC Probe II  
Pdf995  
PdfEdit995  
Platform  
QuickTime 7  
RAIDXpert  
Rapport  
Realtek 8136 8168 8169 Ethernet Driver  
Realtek High Definition Audio Driver  
Roxio Activation Module  
Roxio CinePlayer Decoder Pack  
Roxio Creator Audio  
Roxio Creator Copy  
Roxio Creator Data  
Roxio Creator Premier  
Roxio Creator Premier 10  
Roxio Creator Tools  
Roxio Express Labeler  
Roxio Update Manager  
ScanSoft PaperPort 11  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition  
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
Skype Toolbars  
SkypeT 6.11  
Snap.Do Engine  
StuffIt 11  
Turbo Key  
TurboV  
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition  
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2494150)  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition  
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition  
VIA Platform Device Manager  
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU  
YNAB 4 version 4.3.624  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesa\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services (whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [AMD_RAIDXpert] - AMD RAIDXpert - "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [AsSysCtrlService] - ASUS System Control Service - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [DvmMDES] - DeviceVM Meta Data Export Service - C:\ASUS.SYS\config\DVMExportService.exe
R2 - [LMIGuardianSvc] - LMIGuardianSvc - "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
R2 - [LMIMaint] - LogMeIn Maintenance Service - "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
R2 - [LogMeIn] - LogMeIn - "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [mozybackup] - MozyHome Backup Service - "C:\Program Files\MozyHome\mozybackup.exe"
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [NMSAccessU] - NMSAccessU - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
R2 - [Stuffit Archive Name Service] - Stuffit Archive Name Service - "C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [stllssvr] - stllssvr - "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files (x86)\SpywareBlaster deleted
C:\ProgramData\Temp deleted
C:\PROGRA~2\Constant Guard Protection Suite deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\Lesa\Downloads\CouponActivator.exe deleted
C:\Users\Lesa\Downloads\CouponPrinter (1).exe deleted
C:\Users\Lesa\Downloads\CouponPrinter (2).exe deleted
C:\Users\Lesa\Downloads\CouponPrinter.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
 
==== System Specs ======================
 
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3840 MB
CPU Info: AMD Phenom™ II X4 945 Processor
CPU Speed: 3102.4 MHz
Sound Card: Speakers (VIA High Definition A | 
Realtek HDMI Output (ATI HDMI A | 
SPDIF Interface (TX0) (VIA High | 
SPDIF Interface (TX1) (VIA High | 
Display Adapters: ATI Radeon HD 4200 | ATI Radeon HD 4200 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: OPTIARC DVD-ROM DDU1681S
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  149.0GB
Hard Disks - Free: C:  33.0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/07/10 | 010710 - 20100107
Time Zone: Central Standard Time
Motherboard *: ASUSTeK Computer INC. M4A785TD-V EVO
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 37.0.2062.124
Internet Explorer Version: 11.0.9600.17358 
Mozilla Firefox version: 27.0.1 (x86 en-US)
Google Chrome version: 37.0.2062.124
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_71 (32-bit) 
Flash Player version: 15.0.0.152
 
==== Files Recently Created / Modified ======================
 
2014-10-13 14:06:04 40FC525BC8B26AC7E1A7CEF0E02A08F3 140852175 ----a-w- C:\Users\Lesa\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-26 22:02:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-26 21:59:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 21:57:34 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
====== C: exe-files ==
2014-10-22 16:37:02 338037EFA0E8E8699B2667D57B751574 118896 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2014-10-22 06:53:35 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-22 06:53:35 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-22 06:53:35 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-22 06:53:28 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-22 06:53:28 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-22 06:53:28 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-22 06:53:20 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-22 06:53:06 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Lesa\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe
2014-10-20 14:53:27 68270679465EC5A66B65489C6E44AD64 11100752 ----a-w- C:\Users\Lesa\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_37.0.2062.124_chrome_updater.exe
2014-10-20 14:02:28 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-10-20 14:02:28 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-10-20 05:11:43 F47DBB47E45D94BFC81B3428C2E66CC5 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\G2MUninstall.exe
2014-10-20 05:11:43 F47DBB47E45D94BFC81B3428C2E66CC5 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\G2MInstHigh.exe
2014-10-20 05:11:43 C6745F35D52B597B86F5D39BD883DCC7 39792 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mui.exe
2014-10-20 05:11:43 675140C8FFCB6E0377634B10B5B1A419 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mvideoconference.exe
2014-10-20 05:11:43 675140C8FFCB6E0377634B10B5B1A419 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe
2014-10-20 05:11:43 675140C8FFCB6E0377634B10B5B1A419 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mtranscoder.exe
2014-10-20 05:11:43 675140C8FFCB6E0377634B10B5B1A419 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mstart.exe
2014-10-20 05:11:43 675140C8FFCB6E0377634B10B5B1A419 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mlauncher.exe
2014-10-20 05:11:43 675140C8FFCB6E0377634B10B5B1A419 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\G2MInstaller.exe
2014-10-20 05:11:43 4287C244F56BBF75D2B5B35BDB518120 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mcomm.exe
2014-10-20 05:11:31 C38A80559545062BBAD3EBE750361F03 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\G2MUninstall.exe
2014-10-20 05:11:31 C38A80559545062BBAD3EBE750361F03 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\G2MInstHigh.exe
2014-10-20 05:11:31 A9ECC1F13A1743DEBD08FCB16BC59550 39792 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mui.exe
2014-10-20 05:11:31 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mvideoconference.exe
2014-10-20 05:11:31 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe
2014-10-20 05:11:31 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mtranscoder.exe
2014-10-20 05:11:31 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mstart.exe
2014-10-20 05:11:31 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mlauncher.exe
2014-10-20 05:11:31 651E38D9DF4903FE1337564E8E1F00DD 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\G2MInstaller.exe
2014-10-20 05:11:31 4A89B56CBA8E04F75DAE971DDABBF229 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1796\g2mcomm.exe
2014-10-20 05:11:21 8FAFB8F867480C580244401FBF4B5B5D 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mvideoconference.exe
2014-10-20 05:11:21 8FAFB8F867480C580244401FBF4B5B5D 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe
2014-10-20 05:11:21 8FAFB8F867480C580244401FBF4B5B5D 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mtranscoder.exe
2014-10-20 05:11:21 8FAFB8F867480C580244401FBF4B5B5D 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mstart.exe
2014-10-20 05:11:21 8FAFB8F867480C580244401FBF4B5B5D 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mlauncher.exe
2014-10-20 05:11:21 8FAFB8F867480C580244401FBF4B5B5D 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\G2MInstaller.exe
2014-10-20 05:11:21 7D18B04A2FB5FB47257CE007993C72CF 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mcomm.exe
2014-10-20 05:11:21 71653AE98502F8892279DA42A0249722 39792 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\g2mui.exe
2014-10-20 05:11:21 6F1BC36EA2F8126A959E315978814C53 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\G2MUninstall.exe
2014-10-20 05:11:21 6F1BC36EA2F8126A959E315978814C53 40304 ----a-w- C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1767\G2MInstHigh.exe
2014-10-18 13:44:28 EAFDA2D17FF6CC0B2AFEE21E9134EBF8 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-10-18 13:44:28 CBE8C6FAEDBA9A2C2577133F0321CBD8 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-10-18 13:44:27 DB769E9AE525963168BD4B60BFBF55EB 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-10-18 13:44:27 BFEC01FEA21A749C43DE15F1644E7900 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-10-18 13:44:27 BDB4ABB929ADBC7B98E1087830809564 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-10-18 13:44:27 9FF29AE2E75939EFF8A390AD51F5FEFF 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-10-18 13:44:27 9D9A28606B59C3D8D8FD1F7704AAAD81 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-10-18 13:44:27 74222EDB01CF2D9865D8AC1EEE7C5B63 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-10-18 13:44:27 6DCF8B667B6C9AD851B2B5CB256521ED 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-10-18 13:44:26 EEFD7F935D944118FED39D3041352990 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-10-18 13:44:26 C935769C537A94BC026BD813015DA450 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-10-18 13:44:26 93F297984DB0561694F6454A3066D542 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-10-18 13:44:26 6A4970A237A9FE01A36C4181E2A8C1B0 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-10-18 13:44:25 DBDB1A25291B2D18C614F5CA963156A8 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-10-18 13:44:25 93CFE0C1473D2220FBDA2A9C08848F34 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-10-18 13:44:24 D3BC8953C21770FC147064B0BAE78063 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-10-18 13:44:24 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-10-18 13:44:24 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-10-18 13:44:23 E04E87CDF6CA797BA7C8EA45228FE9E0 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-10-18 13:44:23 DD8E9CE0BDF8CE1131004673D9C5444D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-10-18 13:44:23 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-10-17 13:50:29 E017E313FB86FDD356D3F15A7024B4F2 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe
2014-10-17 13:50:29 D5F60B28FB5F9210AD9827FEB47B1AF2 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-10-17 13:50:29 AC3B58FFD38D515DE923C63C2ACDFD54 102400 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
2014-10-17 13:50:29 686A215E51F5FF66B529AF7AA940EAE3 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe
2014-10-17 13:50:29 0786D45A6F41F075E20A18E2F7285BA0 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-10-17 13:50:28 B56E64D20C205B219C717496E00303D0 101888 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
2014-10-16 19:08:05 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-10-16 19:08:05 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-10-16 19:08:03 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-10-16 19:08:03 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-10-16 19:08:03 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-10-16 19:08:00 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
=== C: other files ==
2014-10-20 14:10:41 48F7095C91B73C1896C6DB2DA61D8CD6 208577772 ----a-w- C:\Users\Lesa\Downloads\SmartMoneySmartKids-Audiobook.zip
2014-10-19 13:50:12 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-19 13:49:41 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-19 13:49:41 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-19 13:49:41 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-18 14:07:01 FC1F36A7844235BACFE12DF3FD486026 14957 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\get.bat
2014-10-18 14:07:01 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\prelim.bat
2014-10-18 14:07:01 E5E1041DE1DBDDF20D704BA894BEAD05 183929 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\misc.bat
2014-10-18 14:07:01 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\runvalues.bat
2014-10-18 14:07:01 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\TDL4.bat
2014-10-18 14:07:01 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\medfos.bat
2014-10-18 14:07:01 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\surfvox.bat
2014-10-18 14:07:01 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\searchlnk.bat
2014-10-18 14:07:01 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\firefox.bat
2014-10-18 14:07:01 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\ev_clear.bat
2014-10-18 14:07:01 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\mws.bat
2014-10-18 14:07:01 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\ask.bat
2014-10-18 14:07:01 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\iexplore.bat
2014-10-18 14:07:01 1EFD82B5DDC672FE3D2AFE731898BAF4 14044 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\chrome.bat
2014-10-18 14:07:01 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Lesa\AppData\Local\Temp\jrt\delfolders.bat
2014-10-18 13:44:28 EC9D939B904C3A942484AFB3293AA413 18714 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip
2014-10-17 13:58:26 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-10-17 13:56:59 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-10-17 13:50:39 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2014-10-17 13:50:31 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-10-16 19:08:43 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 19:06:01 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-16 19:06:00 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-3160849686-1691475319-3697074088-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"BitTorrent DNA"="C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe"
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup"
"Google Update"="C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_E6657658FBB2FFBE69E67E8E7B31DA16"="C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Turbo Key"="C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
"TurboV"="C:\Program Files\ASUS\TurboV\TurboV.exe -b"
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe"
"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"
"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
"PPort11reminder"="C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"
"BYRUA_AGENT"="C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"KeyScrambler"="C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"BitTorrent DNA"="C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe"
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup"
"Google Update"="C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_E6657658FBB2FFBE69E67E8E7B31DA16"="C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"Hightail Sync Agent"="C:\Program Files (x86)\Hightail Desktop App\Hightail.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\FileZilla Server\\FileZilla Server Interface.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
 
 
==== Startup Folders ======================
 
2011-05-19 03:36:58 1047 ----a-w- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-03-31 19:16:28 2214 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
2010-05-14 15:32:44 913 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 06:55 PM]
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3160849686-1691475319-3697074088-1001.job --a------ C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [10/20/2014 12:11 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-3160849686-1691475319-3697074088-1001" [C:\Users\Lesa\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core" [C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA" [C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe"]
"C:\Windows\SysNative\tasks\SpywareBlaster AutoUpdate" [C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe]
"C:\Windows\SysNative\tasks\{FD14F46C-FBD1-4653-A594-B3A5CF8879F9}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS GPU NOS" [C:\Program Files (x86)\ASUS\GPU NOS\Gpu.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS RegRun Loader" [C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe]
"C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Processor" [C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}"="C:\Users\Lesa\Program Files (x86)\DNA" [10/19/2014 11:45 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Lesa\AppData\Roaming\KompoZer\Profiles\o3v2widn.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\4zvb12bh.default-1413995724453
40AAE0A1A4F664828DF5A95875AEA1C8 - C:\Users\Lesa\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll - Google Update
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Lesa\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
D94C362E750F8C283BF52537D3DF28B5 - C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll - Facebook Plugin
 
 
==== Chromium Look ======================
 
Google Voice Search Hotword (Beta) - Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Send to Kindle for Google Chrome™ - Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea
Save to Pocket - Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Google Wallet - Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Evernote Web Clipper - Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
 
==== Chromium Fix ======================
 
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.al.com_0.localstorage deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.al.com_0.localstorage-journal deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_saverocity.com_0.localstorage deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_saverocity.com_0.localstorage-journal deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_expense-tracking-services-review.toptenreviews.com_0.localstorage deleted successfully
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_expense-tracking-services-review.toptenreviews.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{373498cd-d26b-4c15-928f-b99d07e5739e} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\79C901292662353439686B34905F599C deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GCSKC39 will be deleted at reboot
C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1XCF27H will be deleted at reboot
C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYZMDLC0 will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\Lesa\AppData\Local\Mozilla\Firefox\Profiles\4zvb12bh.default-1413995724453\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=162 folders=52 50498507 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Lesa\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\TEMP\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Lesa\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GCSKC39" not found
"C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1XCF27H" not found
"C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYZMDLC0" not found
"C:\Users\Lesa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GE8CYDKL\ultimatebookcoach.com"  not found
 
==== EOF on Wed 10/22/2014 at 22:37:52.93 ======================
 
 
And here is the FSS:
 

Farbar Service Scanner Version: 21-07-2014
Ran by Lesa (administrator) on 22-10-2014 at 22:42:29
Running from "C:\Users\Lesa\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#22
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hello :)
 
 
These logs look good. Do you experience any other issues that should be taken care of?



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


  • 0

#23
lesadale

    Member

  • Topic Starter
  • 55 posts

Here is the log and I'm rebooting my computer.  I don't seem to have the problem with SpyBot anymore.

 

# DelFix v10.8 - Logfile created 23/10/2014 at 08:35:51
# Updated 29/07/2014 by Xplode
# Username : Lesa - LESA-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Lesa\Downloads\FRST-OlderVersion
Deleted : C:\sc-cleaner.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Lesa\Desktop\JRT.txt
Deleted : C:\Users\Lesa\Downloads\Addition.txt
Deleted : C:\Users\Lesa\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Lesa\Downloads\AdwCleaner.exe
Deleted : C:\Users\Lesa\Downloads\esetsmartinstaller_enu (1).exe
Deleted : C:\Users\Lesa\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Lesa\Downloads\Extras.Txt
Deleted : C:\Users\Lesa\Downloads\FRST.txt
Deleted : C:\Users\Lesa\Downloads\FRST64.exe
Deleted : C:\Users\Lesa\Downloads\FSS.exe
Deleted : C:\Users\Lesa\Downloads\FSS.txt
Deleted : C:\Users\Lesa\Downloads\JRT (1).exe
Deleted : C:\Users\Lesa\Downloads\JRT.exe
Deleted : C:\Users\Lesa\Downloads\MiniToolBox.exe
Deleted : C:\Users\Lesa\Downloads\OTL.Txt
Deleted : C:\Users\Lesa\Downloads\OTL (1).exe
Deleted : C:\Users\Lesa\Downloads\OTL.exe
Deleted : C:\Users\Lesa\Downloads\Result.txt
Deleted : C:\Users\Lesa\Downloads\sc-cleaner.exe
Deleted : C:\Users\Lesa\Downloads\SecurityCheck.exe
Deleted : C:\Users\Lesa\Downloads\SystemLook.txt
Deleted : C:\Users\Lesa\Downloads\SystemLook_x64.exe
Deleted : C:\Users\Lesa\Downloads\TFC (1).exe
Deleted : C:\Users\Lesa\Downloads\TFC (2).exe
Deleted : C:\Users\Lesa\Downloads\TFC.exe
Deleted : C:\Users\Lesa\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
 
~ Cleaning system restore ...
 
Deleted : RP #530 [Windows Update | 10/22/2014 08:17:59]
Deleted : RP #531 [Removed Java™ 6 Update 22 | 10/22/2014 16:38:46]
Deleted : RP #532 [zoek.exe restore point | 10/23/2014 03:08:25]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#24
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
I am very glad to hear that. And now, subject to no further issues, I think that you are ready to go :)



Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.


Recommended reading:


  • MUST READ - security tips: Computer Security - a short guide to staying safer online.
  • MUST READ - general maintenance: What to do if your Computer is running slowly?


Recommended additional software:


  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
  • Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.


My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.




Stay safe,
Naat :)
  • 0

#25
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
