[rubymars]

I've been trying to remove "iwintoolbarforpogo".  No success.  I did regedit and found a pogo file with sub files.  Removed that but still see iwintoolbarforpogo . While doing all this I found virtumonde.dll and discovered it is not. I need help getting rid of this stuff.

[Advertisements]

Greetings and

My nickname is Ruggie and I will be assisting you in cleaning your computer.

• Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
• When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
• If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

• Right click to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
• When the tool opens click Yes to the disclaimer.
• Ensure that the following are ticked as in the image below

Drivers MD5
Shortcut.txt
Addition.txt

• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

• FRST.txt
• Shortcut.txt
• Addition.txt
   

[ruggie_uk]

Greetings and

My nickname is Ruggie and I will be assisting you in cleaning your computer.

• Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
• When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
• If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

• Right click to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
• When the tool opens click Yes to the disclaimer.
• Ensure that the following are ticked as in the image below

Drivers MD5
Shortcut.txt
Addition.txt

• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

• FRST.txt
• Shortcut.txt
• Addition.txt
   

[rubymars]

Hi Ruggie.
I'm Ruby Mars. Thrilled that you actually answered back. I will begin the process tomorrow evening. Thank you.

[ruggie_uk]

Look forward to it

[rubymars]

Hi Ruggie. Rubymars here.
Stuck already. Here's where I start with message --> If the download process does not begin automatically, please click here.

When I go to save first download I get --download has completed. Then when I hit run I get FRST64.exe might have been moved or deleted---retry.
I am stuck there. SOS
Sponsored Products

[ruggie_uk]

It is possible that your antivirus software removed FRST as it is an intrusive tool. Try temporarily disabling your protection until you have managed to run the scan.

[rubymars]

ok here we go.

[rubymars]

First let me say that--iwintoolbarforpogo--is no longer showing like it has for nearly a week. But anyway I uninstalled my virus protection. I'll try the first download again.

[rubymars]

So sorry. Can't stay on the computer. Please let's try again tomorrow evening.

[ruggie_uk]

No problem

[rubymars]

Before I start let me say that I'm not exactly pc illiterate but definitely not an expert. So my concern is that I might get stuck during the process. For instance I was reading the FRST tutorial page and there were things I was clueless about like how do I upload a log as an attachment for analysis? How do I paste to notepad? I have sticky notes. Will that work the same? I want to go ahead but must feel pretty secure in my ability to follow you to the end. BTW, I know that what I've learned about computing through the years, I've learned by jumping in so I'm willing but I hope you understand my concern.

[ruggie_uk]

Hi.
Don't worry. I will be here at every stage and we can go as quick or as slow as you like.
Whatever you need more detailed or extra help with. Just ask at that stage and I will help you through it.
As well as a clean up. It also becomes a leaning experience.

[rubymars]

I'm starting now.

[rubymars]

Did FRST. REimage repair is scan done. Now it asks to choose repair. Yes?

[rubymars]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Maria (administrator) on BEDROOM-PC on 17-01-2015 21:18:28
Running from C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A882WID4
Loaded Profiles: UpdatusUser & Maria (Available profiles: UpdatusUser & Maria)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Dell) C:\Users\Maria\AppData\Local\Apps\2.0\BL0M5R8W.999\EYJHRHKM.0XE\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-03] (Crawler.com)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1695502234-2404808496-3934146252-1002\...\Run: [DellSystemDetect] => C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-1695502234-2404808496-3934146252-1002\...\Run: [SkyDrive] => C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1695502234-2404808496-3934146252-1002\...\MountPoints2: {02b14fb8-ff0e-11e3-beaa-606c66cf9526} - "E:\VZW_Software_upgrade_assistant.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-11] (NVIDIA Corporation)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Maria\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1695502234-2404808496-3934146252-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ntoolbarforpogo
HKU\S-1-5-21-1695502234-2404808496-3934146252-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie10
URLSearchHook: [S-1-5-21-1695502234-2404808496-3934146252-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> DefaultScope {8BE5AC9C-4486-4365-BA02-78DE8951EB3E} URL =
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> Yahoo URL = http://search.yahoo....ntoolbarforpogo
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> {5E051F48-EA24-4BCA-8E4A-D5EAF950D9E5} URL = http://search.yahoo....-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> {8BE5AC9C-4486-4365-BA02-78DE8951EB3E} URL =
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> {8FF6753F-46CD-437D-85BA-CCD83EFBE1D4} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1695502234-2404808496-3934146252-1002 -> {F1233F02-E927-4DE4-9015-EC4A3BC4F103} URL = http://delicious.com...p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-01-17]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]
CHR Extension: (Google Drive) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]
CHR Extension: (YouTube) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]
CHR Extension: (Google Search) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Extension: (Gmail) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2015-01-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2015-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SMR430; \SystemRoot\System32\drivers\SMR430.SYS [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E890C46E4754F0DF51BAFCC8D2E07498
C:\Windows\System32\drivers\3ware.sys 4F18D4C7EA14F11A7211F60D553C03DB
C:\Windows\System32\drivers\ACPI.sys 975AABEB243B800C23626D6B652C5A9C
C:\Windows\System32\Drivers\acpiex.sys DC968C37822117E576B933F34A2D130C
C:\Windows\System32\drivers\acpipagr.sys 0CA9F7C3A78227C21A0A7854E245CFB2
C:\Windows\System32\drivers\acpipmi.sys 8EB8DA03B142D3DD1EB9ED8107A76C43
C:\Windows\System32\drivers\acpitime.sys CBCE725C5D86ABA7D2604E22951AA9B8
C:\Windows\System32\drivers\adp94xx.sys 93C6388592B99925C1D1576E465BC80F
C:\Windows\System32\drivers\adpahci.sys D27763E0247292654E7F7D16444C7C72
C:\Windows\System32\drivers\adpu320.sys 67B90070FF48F794AF19F9FCF0080D75
C:\Windows\system32\drivers\afd.sys FE7FB9612D354EB41DF4F0FF5D6FB259
C:\Windows\System32\drivers\agp440.sys 01590377A5AB19E792528C628A2A68F9
C:\Windows\System32\drivers\amdk8.sys 5A81054B824004B1ECC04F0034A1CDF9
C:\Windows\System32\drivers\amdppm.sys B849D453E644FAB9BC8EF6DC8CA9C4C6
C:\Windows\System32\drivers\amdsata.sys 35A0EB5AECB0FA3C41A2FB514A562304
C:\Windows\System32\drivers\amdsbs.sys 00452671904F5EE94B50BF0219C97164
C:\Windows\System32\drivers\amdxata.sys EA3FFE53E92E59C87E3ECA9BEB20D9B7
C:\Windows\System32\drivers\AMPPAL.sys B716710EEE22D85EE26FB5EB26FC5C67
C:\Windows\system32\DRIVERS\amppal.sys B716710EEE22D85EE26FB5EB26FC5C67
C:\Windows\System32\drivers\Apfiltr.sys 9B672FD482DCD9F7212CE65A1CB2D6B3
C:\Windows\system32\drivers\appid.sys 83B3682CE922FB0F415734B26D9D6233
C:\Windows\System32\drivers\arc.sys E933401B392387F4BE34DE8BAF1722A7
C:\Windows\System32\drivers\arcsas.sys 07CA323EF2E8247A568AB0F3662AD644
C:\Windows\system32\DRIVERS\asyncmac.sys 74DBAEC35366C4EE7670428808715A6A
C:\Windows\System32\drivers\atapi.sys A721FF570C2387E383BDDEA9632863C9
C:\Windows\System32\drivers\bxvbda.sys 87AB5BB072A3F128541D5B815F82FFDD
C:\Windows\System32\drivers\BasicDisplay.sys 81703BC5D68DEDBB086C2368FBE7B334
C:\Windows\System32\drivers\BasicRender.sys 5EC68164E14D25675C98BBB5F09E8606
C:\Windows\System32\Drivers\Beep.sys 9E7AEA59776D904607985AFFE7E5E183
C:\Windows\System32\DRIVERS\bowser.sys B17AC10B47C7FCB44D22A1F06415840E
C:\Windows\System32\drivers\BthAvrcpTg.sys 6695200F455E251F0BCC9CE4D0978D59
C:\Windows\System32\drivers\BthEnum.sys A8B20D852B07AE19A13B5D47EC4E4C3B
C:\Windows\System32\drivers\bthhfenum.sys 616EB8748C988AEE98D93DA141C3D3B4
C:\Windows\System32\drivers\BthHFHid.sys DCB4EBD928A6FB368BE6CAE522412DE1
C:\Windows\system32\DRIVERS\BthLEEnum.sys 42201C346F0B8C458E1E9CDE04D68A2C
C:\Windows\System32\drivers\bthmodem.sys 033916CE8784A848B9A3D686B7F66D97
C:\Windows\system32\DRIVERS\bthpan.sys 091BB978E9504D0AD14586929431A957
C:\Windows\System32\Drivers\BTHport.sys 13795CAA34239D97A7211E7F9D96E012
C:\Windows\System32\Drivers\BTHUSB.sys 1F715957F5236D30B6020A19A4271F6A
C:\Windows\system32\DRIVERS\btmaux.sys 7235891AF09D13C4214DEEE57ED331D0
C:\Windows\system32\DRIVERS\btmhsf.sys 76D0DDD58A773CA1BFB4D30AAE03517A
C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528
C:\Windows\System32\DRIVERS\cdfs.sys 990B1BABE6E81FB18E65A87EBEFB1772
C:\Windows\System32\drivers\cdrom.sys 339BFF85D788268752DA8C9644B188EE
C:\Windows\System32\drivers\circlass.sys F64B7D1A37CC1D5F421D5359EEC81E2E
C:\Windows\System32\drivers\CLFS.sys 9905168708DB68849B879B5548F68AB3
C:\Windows\system32\DRIVERS\CLVirtualDrive.sys 075CCE75090786F124573A788C8656E6
C:\Windows\System32\drivers\CmBatt.sys 2DC8538A2260647484A6C921CA837313
C:\Windows\System32\Drivers\cng.sys DBF9E5346431557BF56F41E7F8EC0DC1
C:\Windows\System32\drivers\CompositeBus.sys 0E5B1E9E7122EDAAF1F6CE047965CA92
C:\Windows\System32\drivers\condrv.sys D9CB0782AF819548072AA45B70F8B22D
C:\Windows\System32\drivers\dam.sys FAEF4C245BE832DB41B15DAAC336AFB7
C:\Windows\System32\Drivers\dfsc.sys 431141C6859990824D17F71C30A78728
C:\Windows\system32\DRIVERS\ssudbus.sys 73BDD44A6088916964945886F9025409
C:\Windows\System32\drivers\discache.sys 3C736FAE17BA6F91BA37594AAB139CD0
C:\Windows\System32\drivers\disk.sys AE3786294CC246A5403783E1B86A0168
C:\Windows\System32\drivers\dmvsc.sys 82A7C72593793FE1EADA7A305BD1567A
C:\Windows\system32\drivers\drmkaud.sys 9C7C183F937951AE17C5B8B3259CF3FF
C:\Windows\System32\drivers\dxgkrnl.sys 2BB5627EB587FA995086C3D8C21B6D3F
C:\Windows\System32\drivers\evbda.sys 5AB97B3282D7D6114949D1EB5C8598E4
C:\Windows\System32\drivers\EhStorClass.sys 66D60BD9A4C05616ABECA2A901475098
C:\Windows\System32\drivers\EhStorTcgDrv.sys A61D0F543024E458C0FE32352E1978E2
C:\Windows\System32\drivers\errdev.sys D790D058D67582DB9C84C2D33695FE6B
C:\Windows\System32\Drivers\exfat.sys 7A4D6FEB8C52B3FE855E4DCDF9107E03
C:\Windows\System32\Drivers\fastfat.sys 60996602A7111FD2D086E803F33E4282
C:\Windows\System32\drivers\fdc.sys 73B2D11DF0B6E03A0CB0323218ACB3E4
C:\Windows\System32\drivers\fileinfo.sys 88A9EBACD1058ABB237A6B4E96E7F397
C:\Windows\System32\drivers\filetrace.sys 9E4EE3A0B00FF7D5F42A4AF9744CBA02
C:\Windows\System32\drivers\flpydisk.sys B1D4C168FF7B8579E3745888658FFB1D
C:\Windows\System32\drivers\fltmgr.sys B33EC133AE4E6C1881D2302D93D2467D
C:\Windows\System32\drivers\FsDepends.sys A5F7873A39E4E9FAAAE59B7E9E36B705
C:\Windows\System32\Drivers\Fs_Rec.sys A6DD7D491F587F4BC13FB972977DC8E8
C:\Windows\System32\DRIVERS\fvevol.sys C1646A95EAC515F60CDB2A7A8A013C1E
C:\Windows\System32\drivers\fxppm.sys A969D92973DFA895E7776B4BFE36DBB2
C:\Windows\System32\drivers\gagp30kx.sys 52BC441E07A827EBAB70CDC7EAEDB28D
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\vmgencounter.sys 721F8EEF5E9747F32670DEFF7FB92541
C:\Windows\System32\Drivers\msgpioclx.sys FC2B8B06BDBD3B6457F5A3DA9AD2410E
C:\Windows\System32\drivers\HDAudBus.sys 58CC013EFA9893057160EDA018D8ADCE
C:\Windows\System32\drivers\HidBatt.sys 3F76BBA53D65E85A7F53E7A71082082C
C:\Windows\System32\drivers\hidbth.sys 085F150D002B7F0153D3C06DDF33A143
C:\Windows\System32\drivers\hidi2c.sys CC4A07E51D89575CAB6F4EB590D87CD4
C:\Windows\System32\drivers\hidir.sys DC96F7DACB777CDEAEF9958A50BFDA06
C:\Windows\System32\drivers\hidusb.sys 012C354B4AB48E9A7A657DF39E3A2073
C:\Windows\System32\drivers\HpSAMD.sys 64DB7A8D97CA53DCCF93D0A1E08342CF
C:\Windows\System32\drivers\HTTP.sys F4A91D985EB9D1D2717D538F3424603C
C:\Windows\System32\drivers\hwpolicy.sys 2A98301068801700906C06649860FE94
C:\Windows\System32\drivers\hyperkbd.sys DC76901D82097C9E297F20C287CB9A27
C:\Windows\system32\DRIVERS\HyperVideo.sys 716413AB3CA12DE0A7222D28C1C9352C
C:\Windows\System32\drivers\i8042prt.sys C9E9CBF73AFFBFE3E801EFB516787BA3
C:\Windows\System32\drivers\iaStorA.sys 459016E8A4FA6426EDB5A9456A6E5E58
C:\Windows\System32\drivers\iaStorV.sys 5E394EBD26FD68AA9300332C46BEDD62
C:\Windows\system32\DRIVERS\iBtFltCoex.sys C430482AC892D52CED021EDDD4D368A2
C:\Windows\system32\DRIVERS\igdkmd64.sys A1CF07D24EDCDC6870535471654D957C
C:\Windows\System32\drivers\iirsp.sys 24847A06B84339FEEDE5CABF3D27D320
C:\Windows\system32\drivers\intelaud.sys FD2032D2EAE8D7F3381EBA5FA3E7FEEA
C:\Windows\system32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\System32\drivers\intelide.sys 4F37726CF764CA18A8A84F85EF3A7F24
C:\Windows\System32\drivers\intelppm.sys E15CDF68DD73423F15D4AC404793AF0D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 8FCA66234A0933D796BB780B7953BAB9
C:\Windows\System32\drivers\IPMIDrv.sys A4071DA3AE419F9694BFCB267C7DB8D7
C:\Windows\System32\drivers\ipnat.sys 3969B9C218DD3FAA9F4ED2FFC3651C02
C:\Windows\System32\drivers\irenum.sys 25CD7C4BB2863FFC2B0B311F0AEBF77C
C:\Windows\System32\drivers\isapnp.sys D940C5BB9DC92E588533C19ABCC3D2C2
C:\Windows\System32\drivers\msiscsi.sys E6530FD4F61B40F338BF4355A21B9A09
C:\Windows\System32\drivers\iwdbus.sys C59B9CE2855E667809F9E63C20FC44A5
C:\Windows\System32\drivers\kbdclass.sys 8FBD94B69D6423E20ABCD59D86368B21
C:\Windows\System32\drivers\kbdhid.sys E88C932ABDF8185A62C8F2FC7B051FB6
C:\Windows\system32\DRIVERS\kdnic.sys FB6C185092E18011EF49989425C2AA87
C:\Windows\System32\Drivers\ksecdd.sys 8B3EB6372436195B8EA8AE09A184BCE2
C:\Windows\System32\Drivers\ksecpkg.sys 0EB535ADDC065F2D0CBFC089630A6065
C:\Windows\system32\drivers\ksthunk.sys 81492FEEBF2F26455B00EE8DBAE8A1B0
C:\Windows\system32\DRIVERS\lltdio.sys CEEFD29FC551F289810B0B9381B321DC
C:\Windows\System32\drivers\lsi_sas.sys 022CDD12161B063D7852B1075BF3FFF2
C:\Windows\System32\drivers\lsi_sas2.sys 07AD59D669B996F29F91817F0ECFA34F
C:\Windows\System32\drivers\lsi_scsi.sys 216FB796AA4E252ACCE93B1BCB80B5EC
C:\Windows\System32\drivers\lsi_sss.sys 5E80530AF37102488EE980B4A92AF99F
C:\Windows\system32\drivers\luafv.sys 2BDC5D711FA61307CE6190D47C956368
C:\Windows\System32\drivers\megasas.sys 9B0D829C3BE4E7472DB9DD2B79908E3C
C:\Windows\System32\drivers\MegaSR.sys ECC3F54C7AFC318271C4F0B4606D8DB0
C:\Windows\System32\drivers\HECIx64.sys 772A1DEEDFDBC244183B5C805D1B7D85
C:\Windows\System32\drivers\modem.sys 780098AD5DA8A4822E2563984C85EF7B
C:\Windows\System32\drivers\monitor.sys EA8EAD3F5B762F889CC7F3966625B48B
C:\Windows\System32\drivers\mouclass.sys 618446B98C79776654340CE27C73485E
C:\Windows\System32\drivers\mouhid.sys C0ADEBED913295803B579ED288936CBB
C:\Windows\System32\drivers\mountmgr.sys E7E9DBFDD3F25ED0C05B99AE9FA18BDE
C:\Windows\System32\drivers\mpsdrv.sys 4CCBBD4944777CA100B9A6C2F149A46F
C:\Windows\system32\drivers\mrxdav.sys 25560C1656DC7F0723A0CC0B0E1C6BED
C:\Windows\System32\DRIVERS\mrxsmb.sys 14EE56050E1637926F5CFA65B1F4209B
C:\Windows\System32\DRIVERS\mrxsmb10.sys 06D5F2FA3C61E8EA91648EA8E9F99FD3
C:\Windows\System32\DRIVERS\mrxsmb20.sys 0AA400AB21745F1153ECE75E0186509A
C:\Windows\system32\DRIVERS\bridge.sys 98487487D6B3797CA927E9D7B030AE13
C:\Windows\System32\Drivers\Msfs.sys 3886F1F2A4D2900ABAA7E4486BEEE6A2
C:\Windows\System32\drivers\msgpiowin32.sys C32A7A39B960A42BA9D4FBE47213CA03
C:\Windows\System32\drivers\mshidkmdf.sys D3857A767B91A061B408CCAB02DA4F40
C:\Windows\System32\drivers\mshidumdf.sys 839B48910FB1E887635C48F3EC11A05E
C:\Windows\System32\drivers\msisadrv.sys 55C0DB741E3AB7463242B185B1C2997C
C:\Windows\system32\drivers\MSKSSRV.sys 509809566E49F4411055864EA8D437CD
C:\Windows\system32\DRIVERS\mslldp.sys 63145201D6458E4958E572E7D6FC2604
C:\Windows\system32\drivers\MSPCLOCK.sys 99D526E803DB6D7FF290FD98B6204641
C:\Windows\system32\drivers\MSPQM.sys 06FA77C3E2A491ADCD704C5E73006269
C:\Windows\System32\Drivers\MsRPC.sys E134EC4DE11CF78CB01432D180710D84
C:\Windows\System32\drivers\mssmbios.sys B5AECF12F09DEE97C9FCAA5BA016CE1E
C:\Windows\system32\drivers\MSTEE.sys 72D66A05E0F99F2528F6C6204FD22AA1
C:\Windows\System32\drivers\MTConfig.sys 8AAAE399FC255FA105D4158CBA289001
C:\Windows\System32\Drivers\mup.sys 3BCB702F3E6CC622DCAFCAA45D7CDE0A
C:\Windows\System32\drivers\mvumis.sys 3A1E095277BBD406CEA8EA6B76950664
C:\Windows\system32\DRIVERS\nwifi.sys 43D7388A90A4C6EA346A4D6FF0377479
C:\Windows\System32\drivers\ndis.sys A10E176F3B2BF83EDE7B5C4658C93B66
C:\Windows\system32\DRIVERS\ndiscap.sys 39C8A1D9D46F5E83A016BCAB72455284
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 762941932B7E4C588E48A577BA9D6440
C:\Windows\system32\DRIVERS\ndistapi.sys 7A6F8A6D0E01432EBA294EF29CDD0FA7
C:\Windows\system32\DRIVERS\ndisuio.sys 79AB68BB3FFF974AD4F41FA559F4EC67
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\System32\Drivers\NDProxy.sys 3730942D7DB2F8BB5F84542B7FF6F650
C:\Windows\System32\drivers\Ndu.sys D3F60A4345FCA9C1BE68AD7D0D6DE770
C:\Windows\System32\DRIVERS\netbios.sys 7C203A76394F9AE68F69EEE5F9612C4A
C:\Windows\System32\DRIVERS\netbt.sys 7CEC25C682D319D484630B3952C31A11
C:\Windows\system32\DRIVERS\NETwew00.sys 75B9B86878CC159FBC40C4F9202ADBE3
C:\Windows\System32\drivers\nfrd960.sys 12DD2800E4EEA37DC9AE256AD62423B4
C:\Windows\System32\Drivers\Npfs.sys 17E19A742FB30C002F8B43575451DBE1
C:\Windows\System32\drivers\npsvctrig.sys 8ED299C30792544264E558BEA79F0947
C:\Windows\System32\drivers\nsiproxy.sys 689B3B1E95C70ABF7AFF29F9406EF1E0
C:\Windows\System32\Drivers\Ntfs.sys 7BE3EDFFA3216F989A6BDCB14795DD08
C:\Windows\System32\Drivers\Null.sys 4163ADE07DB51843AE31F65B94F5398D
C:\Windows\system32\DRIVERS\nvlddmkm.sys 993D73A8090C957230DE4E14AA9C5DFF
C:\Windows\System32\DRIVERS\nvpciflt.sys 29C4634D4B9A36CAA14BA5C91E5F4E8B
C:\Windows\System32\drivers\nvraid.sys D6D34118263412D3AAA8348A9572B7F2
C:\Windows\System32\drivers\nvstor.sys 27AFC428D1D32ABD04A86763A4EDDEA9
C:\Windows\System32\drivers\nvstusb.sys 03C0CB5CF01B8AB02D66B2C036BC3F37
C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036
C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766
C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3
C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2
C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837
C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269
C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27
C:\Windows\System32\drivers\pdc.sys 0698DEDEAD6A00AD0D468C687D830FBF
C:\Windows\System32\drivers\peauth.sys 61FE70659CD43E07F94DA4DC31DEC493
C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADD
C:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6D
C:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DF
C:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078E
C:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5F
C:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CA
C:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAE
C:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042
C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4
C:\Windows\System32\DRIVERS\rdbss.sys CA03D642ACE58E1BA54E4B383F91CD69
C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68
C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3
C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA
C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151
C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4
C:\Windows\System32\drivers\rfcomm.sys CCBFCABDFE2BC22F0645CEAADDB36004
C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF
C:\Windows\System32\Drivers\RtsUVStor.sys 8EB6DCEB7473C232D8BC9A886E3183AC
C:\Windows\system32\DRIVERS\Rt630x64.sys 15923AA360F7675D3D43C9669316A0BA
C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A
C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92
C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E
C:\Windows\System32\drivers\sdbus.sys F58B030A0664385C707B8C1C63682041
C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C
C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD
C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6
C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB
C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1
C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2
C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D
C:\Windows\System32\drivers\spaceport.sys 9110193D93960E38B8692E4519C75D72
C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202
C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6
C:\Windows\System32\DRIVERS\srv2.sys B56A855B23676CCE05B626C6037FD02F
C:\Windows\System32\DRIVERS\srvnet.sys 78E9665C8DC59106D133CBEF0F0C3DE3
C:\Windows\system32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7
C:\Windows\system32\DRIVERS\stwrt64.sys 70FC67F49972EA0EFC60F65EA9A4B716
C:\Windows\System32\drivers\storahci.sys B240874B2CA0CD02E8CD11E140B14C57
C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2
C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59
C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9
C:\Windows\System32\drivers\tcpip.sys 2AE9136724568DB4F08BC04F131CFC54
C:\Windows\system32\DRIVERS\tcpip.sys 2AE9136724568DB4F08BC04F131CFC54
C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989
C:\Windows\system32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7
C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4
C:\Windows\system32\drivers\tpm.sys E94F7A7B48C7638D1F3F8089344C97B7
C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3
C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513
C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740
C:\Windows\system32\DRIVERS\TurboB.sys 42350E49DA754D2D77362FDAE3491651
C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A
C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026
C:\Windows\System32\drivers\ucx01000.sys 061BA3EE0D2BE17944990544008CF190
C:\Windows\System32\DRIVERS\udfs.sys 25C50F4EDF70D0A831E0566BD181CCF2
C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A
C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860
C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09
C:\Windows\System32\drivers\usb3Hub.sys 8047D8AFA070A4C3B9FCBDBF77A84C45
C:\Windows\System32\drivers\usbccgp.sys C976C4306F9AE133D6BBD47FDFC3BF92
C:\Windows\System32\drivers\usbcir.sys 427B6DB8C05A5A977E8C3525370A2595
C:\Windows\System32\drivers\usbehci.sys B24FDEB1B18496F1B463782235AA3AF1
C:\Windows\System32\drivers\usbhub.sys F8C2A832DF9403F5EA8080CBDBDA95FB
C:\Windows\System32\drivers\UsbHub3.sys FAAB461D5AEB21EE5FC5C0DBD6648223
C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB
C:\Windows\System32\drivers\usbprint.sys 9FDBA6982582A6F2354144980F641E7B
C:\Windows\System32\drivers\USBSTOR.SYS BFC7FE4AAEB61317A921871B4085EF4B
C:\Windows\System32\drivers\usbuhci.sys 1ABF657259DB57F7E5558E4DF1357C0C
C:\Windows\System32\Drivers\usbvideo.sys 9EF7C01D3ACCBC243B5CB1A95865B2FF
C:\Windows\System32\drivers\USBXHCI.SYS 8DC398D7B8E02C929A2096E74A170970
C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8
C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE
C:\Windows\System32\drivers\vhdmp.sys D4051AA2ACD38AABF9DEC24B8A331EB1
C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D
C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0
C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91
C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18
C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824
C:\Windows\System32\drivers\volsnap.sys AA37946941ED3805AB3A924965907147
C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D
C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353
C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC
C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611
C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F
C:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86
C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB
C:\Windows\system32\drivers\WdBoot.sys B7FD627AAE8E95848BFEC437C923A87E
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\system32\drivers\WdFilter.sys FAC362ED29713A535C6E2EEFFA5B4733
C:\Windows\System32\DRIVERS\wfplwfs.sys 44BB9C31E6242C4BD1CE7C2B440C2533
C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60
C:\Windows\system32\DRIVERS\WinUsb.sys BB20956C424531003F7FA6CD36F11D5D
C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084
C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3
C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6
C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\drivers\XHCIPort.sys 24E57041608ED6A9D7FDAD0D9EC214E2

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 21:17 - 2015-01-17 21:18 - 00000000 ____D () C:\FRST
2015-01-17 21:15 - 2015-01-17 21:15 - 02126336 _____ (Farbar) C:\Users\Maria\Downloads\FRST64.exe
2015-01-17 21:01 - 2015-01-17 21:01 - 00004278 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-01-17 21:01 - 2015-01-17 21:01 - 00003438 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2015-01-17 21:01 - 2015-01-17 21:01 - 00001903 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-01-17 21:01 - 2015-01-17 21:01 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-01-17 21:01 - 2015-01-17 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-01-17 21:01 - 2015-01-17 21:01 - 00000000 ____D () C:\Program Files\Reimage
2015-01-17 21:00 - 2015-01-17 21:02 - 00000000 ____D () C:\rei
2015-01-17 20:59 - 2015-01-17 21:02 - 00000156 _____ () C:\Windows\Reimage.ini
2015-01-17 20:59 - 2015-01-17 20:59 - 00775968 _____ (Reimage®) C:\Users\Maria\Downloads\ReimageRepair.exe
2015-01-17 20:52 - 2015-01-17 20:52 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2015-01-17 20:52 - 2015-01-17 20:52 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2015-01-17 20:52 - 2015-01-17 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-01-17 20:52 - 2015-01-17 20:52 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2015-01-16 20:47 - 2015-01-16 20:47 - 00000000 ____D () C:\NPE
2015-01-16 20:46 - 2015-01-16 20:46 - 00000000 ____D () C:\ProgramData\SMR430
2015-01-16 20:41 - 2015-01-16 20:50 - 00000000 ____D () C:\Users\Maria\AppData\Local\NPE
2015-01-16 19:50 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-14 20:44 - 2015-01-14 20:44 - 00000085 _____ () C:\Windows\wininit.ini
2015-01-14 19:13 - 2015-01-14 20:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 19:13 - 2015-01-14 20:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-14 19:13 - 2015-01-14 19:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-14 08:04 - 2014-11-15 01:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 08:04 - 2014-11-15 00:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 08:04 - 2014-11-15 00:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 08:04 - 2014-11-15 00:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 08:04 - 2014-11-15 00:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 08:04 - 2014-11-15 00:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 08:04 - 2014-11-15 00:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 08:04 - 2014-11-15 00:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 08:04 - 2014-11-15 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 08:04 - 2014-11-14 22:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 08:04 - 2014-11-14 22:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 08:04 - 2014-11-14 22:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 08:04 - 2014-11-14 22:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 08:04 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 08:04 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 08:04 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 08:04 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 08:04 - 2014-10-27 17:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 07:57 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:57 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:57 - 2014-12-11 02:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:57 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:57 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 07:57 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 07:57 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 07:57 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:57 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 07:57 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 07:57 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 07:57 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 07:57 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 07:57 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 07:57 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 07:57 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:57 - 2014-11-26 21:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 07:57 - 2014-11-26 20:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-11 11:19 - 2015-01-11 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-11 11:13 - 2015-01-11 11:13 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Pogo Games
2015-01-11 11:13 - 2015-01-11 11:13 - 00000000 ____D () C:\ProgramData\Word Riot™ Deluxe
2015-01-11 11:11 - 2015-01-11 11:11 - 00000000 ____D () C:\Games
2015-01-11 11:10 - 2015-01-11 11:19 - 00003360 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2015-01-11 11:10 - 2015-01-11 11:19 - 00000000 ____D () C:\ProgramData\PogoDGC
2015-01-01 09:09 - 2015-01-01 09:09 - 00001147 _____ () C:\Users\Maria\Desktop\Continue Adobe Flash Player Installation.lnk
2014-12-23 18:01 - 2014-12-23 18:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 21:16 - 2013-08-18 11:51 - 00004980 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BEDROOM-PC-Maria Bedroom-pc
2015-01-17 21:03 - 2013-07-31 04:24 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-17 21:02 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-17 21:00 - 2013-08-14 21:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1695502234-2404808496-3934146252-1002
2015-01-17 20:57 - 2014-03-27 17:21 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 20:55 - 2014-03-27 17:20 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 20:55 - 2013-08-15 19:09 - 00000000 ___RD () C:\Users\Maria\SkyDrive
2015-01-17 20:55 - 2013-08-15 07:48 - 00000000 ____D () C:\Users\Maria\AppData\Local\Deployment
2015-01-17 20:54 - 2013-09-02 08:09 - 00000000 ____D () C:\ProgramData\Norton
2015-01-17 20:54 - 2013-07-31 03:34 - 01908044 _____ () C:\Windows\PFRO.log
2015-01-17 20:54 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 20:53 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-17 20:53 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-17 20:49 - 2014-06-21 17:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 20:48 - 2013-07-31 03:36 - 01140007 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 18:17 - 2012-07-26 02:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 18:10 - 2012-07-26 00:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-17 15:39 - 2013-08-25 10:06 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F406FBFC-928B-4398-8103-A769FF54C78B}
2015-01-16 18:57 - 2014-03-27 17:21 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 20:57 - 2013-11-10 20:47 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2015-01-14 20:09 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2015-01-14 18:58 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-14 08:29 - 2013-08-17 20:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:17 - 2013-08-17 20:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:05 - 2013-11-13 08:04 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\CyberLink
2015-01-13 15:58 - 2013-11-10 07:44 - 00072192 ___SH () C:\Users\Maria\Desktop\Thumbs.db
2015-01-13 15:49 - 2014-06-21 17:50 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-05 18:28 - 2014-10-16 19:09 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 18:28 - 2014-10-16 19:09 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-26 15:00 - 2013-07-31 04:15 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-26 09:15 - 2014-07-23 08:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-25 10:11 - 2013-07-31 04:14 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-23 17:59 - 2013-08-15 18:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======
2013-07-31 04:20 - 2013-07-31 04:21 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-07-31 04:16 - 2013-07-31 04:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-07-31 04:17 - 2013-07-31 04:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-07-31 04:16 - 2013-07-31 04:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-07-31 04:19 - 2013-07-31 04:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.7512.dll


Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\ReimagePackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 19:53

==================== End Of Log ============================