Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Zombie News, other adware [Closed]


  • This topic is locked This topic is locked

#1
mergie21

mergie21

    New Member

  • Member
  • Pip
  • 2 posts

I am having issues with adware, specifically Zombie News, but I am sure there are others on my computer.  I have Norton 360 for anti-virus, and iolo System Mechanic.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Meredith (administrator) on MEREDITH-PC on 29-03-2015 10:48:22
Running from C:\Users\Meredith\Desktop
Loaded Profiles: UpdatusUser & Meredith (Available profiles: UpdatusUser & Meredith & Sandy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella229.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TorchMedia Inc.) C:\Users\Meredith\AppData\Local\Torch\Update\TorchCrashHandler.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Time Lapse Solutions) C:\ProgramData\tOtcIUpZT\hZPTqsGMf.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.7\GoogleCrashHandler64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Premium\LiveBoost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Premium\ioloGovernor64.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella229.exe
() C:\Users\Meredith\AppData\Local\fst_us_205\upfst_us_205.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files (x86)\ProductUI\Startup.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Update\39.0.0.9037\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\nacl64.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\conathst.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Meredith\AppData\Local\Torch\Application\torch.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [smrt] => C:\Program Files (x86)\ProductUI\Startup.exe [169472 2015-01-21] ()
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [upfst_us_205.exe] => C:\Users\Meredith\AppData\Local\fst_us_205\upfst_us_205.exe [3356152 2014-08-12] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3527659904-4164715890-1468609793-1000\...\Run: [] => [X]
HKU\S-1-5-21-3527659904-4164715890-1468609793-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\MountPoints2: {4a650060-3f3b-11e3-8e70-b870f4d13fff} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\MountPoints2: {bbdc299f-ce66-11e3-8c91-b870f4d13fff} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
BootExecute: ጧ꠨ଢ଼ᦐʈፌ艈୛ᦐʈټጧ
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...J2380053CPTMWDX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-21-3527659904-4164715890-1468609793-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-21-3527659904-4164715890-1468609793-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.sonic-se...q={searchTerms}
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://groovorio.com...=1374205325&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://groovorio.com...=1374205325&ir=
SearchScopes: HKLM -> {743DA976-88EE-4E9F-B6AA-933C8B2E5004} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {24F24726-C640-4E89-8A36-EA2DC5E29732} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
SearchScopes: HKU\S-1-5-19 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
SearchScopes: HKU\S-1-5-20 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1000 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {1DF47549-669C-47B7-AD65-D24EC761FEDB} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {24F24726-C640-4E89-8A36-EA2DC5E29732} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {668E21D6-D683-4AC7-AA5B-C8BEDF6A1F88} URL = http://www.google.co...1I7TSNF_enUS453
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {6859BDFF-EC94-4CE6-8017-6B56DEA21660} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {7422E332-7768-478F-90EB-63CA79A033DD} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {743DA976-88EE-4E9F-B6AA-933C8B2E5004} URL = 
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {AC840D34-F1D2-48F3-98D9-A0E2ED7A7849} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {CDD03F9D-D7E6-4C30-8855-9D83492FFAEE} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} ->  No File
BHO: No Name -> {6FE9C928-9470-5648-CDD8-F3A11B1209D8} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll [2014-06-26] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: InternetExplorerExtension.WordHighlighterBHO -> {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} -> C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll [2014-02-11] (Yahoo! Inc.)
BHO-x32: No Name -> {06197747-A47F-41FB-83D1-A00E9E00E276} ->  No File
BHO-x32: No Name -> {1CE539FF-E48C-2E76-05AD-1CAAAAC5152B} ->  No File
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: No Name -> {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} ->  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: No Name -> {6FE9C928-9470-5648-CDD8-F3A11B1209D8} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {99079a25-328f-4bd4-be04-00955acaa0a7} ->  No File
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: InternetExplorerExtension.WordHighlighterBHO -> {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} -> C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - !{06197747-A47F-41FB-83D1-A00E9E00E276} -  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
Toolbar: HKLM - No Name - !{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
Toolbar: HKLM - No Name - {06197747-A47F-41FB-83D1-A00E9E00E276} -  No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll [2014-06-26] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - SimpleBar - {9eb324ca-1466-4907-8392-92c9f653a229} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll [2014-02-11] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} -  No File
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM-x32 - No Name - !{06197747-A47F-41FB-83D1-A00E9E00E276} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
Toolbar: HKLM-x32 - No Name - !{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
Toolbar: HKLM-x32 - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
Toolbar: HKLM-x32 - No Name - {06197747-A47F-41FB-83D1-A00E9E00E276} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - SimpleBar - {9eb324ca-1466-4907-8392-92c9f653a229} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll [2014-06-26] (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} http://elliscounty.i.../gg-activex.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Tcpip\Parameters: [DhcpNameServer] 10.214.231.80
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll No File
FF Plugin-x32: @safarimontage.com/smmp64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [2013-07-02] (Library Video Company)
FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll No File
FF Plugin-x32: @safarimontage.com/smmpinfo64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [2013-06-13] (Library Video Company)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2011-10-16] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3527659904-4164715890-1468609793-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-3527659904-4164715890-1468609793-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll [2012-08-06] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-10-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2015-03-29]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Norton Identity Safe) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-21]
CHR Extension: (Torch Share) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-05-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Norton Security Toolbar) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-09-21]
CHR Extension: (Google Wallet) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-23]
CHR HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Meredith\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-20]
CHR HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Meredith\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-09-20]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-23]
CHR HKLM-x32\...\Chrome\Extension: [nbljechdpodpbchbmjcoamidppmpnmlc] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 hZPTqsGMf; C:\ProgramData\tOtcIUpZT\hZPTqsGMf.exe [2733032 2015-02-06] (Time Lapse Solutions)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-13] (iolo technologies, LLC)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [135608 2011-12-15] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella229.exe [5382304 2014-12-30] (Iminent)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation) [File not signed]
R2 TorchCrashHandler; C:\Users\Meredith\AppData\Local\Torch\Update\TorchCrashHandler.exe [1207648 2013-07-30] (TorchMedia Inc.) [File not signed] <==== ATTENTION
S4 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [737600 2013-01-17] (US Tech Support LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-14] (Symantec Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20150324.005\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20150328.002\ENG64.SYS [129752 2015-03-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20150328.002\EX64.SYS [2137304 2015-03-11] (Symantec Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-28] (EldoS Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R2 webinstr; C:\windows\system32\Drivers\webinstr.sys [57528 2014-07-16] (Corsica)
S3 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [X]
S1 SymIM; system32\DRIVERS\SymIMv.sys [X]
S3 Trufos; system32\DRIVERS\Trufos.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-29 10:48 - 2015-03-29 10:48 - 00039975 _____ () C:\Users\Meredith\Desktop\FRST.txt
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\FRST
2015-03-29 10:46 - 2015-03-29 10:46 - 02095616 _____ (Farbar) C:\Users\Meredith\Desktop\FRST64.exe
2015-03-29 10:03 - 2015-03-29 10:46 - 00000000 ____D () C:\Users\Meredith\AppData\Local\ZombieNews
2015-03-29 03:01 - 2015-03-29 03:01 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{18F9C210-F0EA-4705-B69F-B8A432EE9285}
2015-03-29 02:59 - 2015-03-29 02:59 - 04840574 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “I’m falling in love with you. No.. no Ana you...[via torchbrowser.com].aac
2015-03-29 02:58 - 2015-03-29 02:58 - 03694349 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Because I’m fifty shades of [bleep]ed up.” The long...[via torchbrowser.com].aac
2015-03-29 02:56 - 2015-03-29 02:56 - 02929298 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“I’m gonna hit you six times, and...[via torchbrowser.com].aac
2015-03-29 02:55 - 2015-03-29 02:59 - 116315336 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “I’m falling in love with you. No.. no Ana you...[via torchbrowser.com].mp4
2015-03-29 02:55 - 2015-03-29 02:56 - 21693039 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“I’m gonna hit you six times, and...[via torchbrowser.com].mp4
2015-03-29 02:55 - 2015-03-29 02:55 - 02124323 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Ana’s 2nd time in the playroom… in...[via torchbrowser.com].aac
2015-03-29 02:54 - 2015-03-29 02:58 - 92199960 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Because I’m fifty shades of [bleep]ed up.” The long...[via torchbrowser.com].mp4
2015-03-29 02:54 - 2015-03-29 02:55 - 15827753 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Ana’s 2nd time in the playroom… in...[via torchbrowser.com].mp4
2015-03-29 02:04 - 2015-03-29 02:12 - 00005685 _____ () C:\Users\Meredith\Downloads\software_removal_tool.log
2015-03-29 01:46 - 2015-03-29 01:46 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2015-03-27 06:37 - 2015-03-27 06:37 - 04646767 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“Is this more-” “OMG, so much...[via torchbrowser.com].aac
2015-03-27 06:36 - 2015-03-27 06:36 - 01321800 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -How does he seem today, Taylor- -Preoccupied, I’m...[via torchbrowser.com].aac
2015-03-27 06:35 - 2015-03-27 06:36 - 33122235 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -How does he seem today, Taylor- -Preoccupied, I’m...[via torchbrowser.com].mp4
2015-03-27 06:35 - 2015-03-27 06:35 - 19090387 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Leaving Georgia Reblogged from my other blog for...[via torchbrowser.com].mp4
2015-03-27 06:35 - 2015-03-27 06:35 - 01305926 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Emails Part 3Look at his smile after the “Missing...[via torchbrowser.com].aac
2015-03-27 06:35 - 2015-03-27 06:35 - 00732057 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Leaving Georgia Reblogged from my other blog for...[via torchbrowser.com].aac
2015-03-27 06:34 - 2015-03-27 06:37 - 115951883 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“Is this more-” “OMG, so much...[via torchbrowser.com].mp4
2015-03-27 06:34 - 2015-03-27 06:35 - 33390204 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Emails Part 3Look at his smile after the “Missing...[via torchbrowser.com].mp4
2015-03-27 06:34 - 2015-03-27 06:34 - 03493774 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“You’re mine. All mine. You...[via torchbrowser.com].aac
2015-03-27 06:33 - 2015-03-27 06:33 - 01408471 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian’s past Reblogged from my other blog[via torchbrowser.com].aac
2015-03-27 06:32 - 2015-03-27 06:32 - 22559551 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and Bob and Carla[via torchbrowser.com].mp4
2015-03-27 06:32 - 2015-03-27 06:32 - 00940621 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and Bob and Carla[via torchbrowser.com].aac
2015-03-27 06:31 - 2015-03-27 06:34 - 87473942 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“You’re mine. All mine. You...[via torchbrowser.com].mp4
2015-03-27 06:31 - 2015-03-27 06:33 - 37009597 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian’s past Reblogged from my other blog[via torchbrowser.com].mp4
2015-03-27 06:28 - 2015-03-27 06:28 - 42567894 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian- “You got everything you need-”...[via torchbrowser.com].mp4
2015-03-27 06:28 - 2015-03-27 06:28 - 03066033 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “How you feel-”  “Good.” The playroom scene part...[via torchbrowser.com].aac
2015-03-27 06:28 - 2015-03-27 06:28 - 01642783 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian- “You got everything you need-”...[via torchbrowser.com].aac
2015-03-27 06:26 - 2015-03-27 06:28 - 77847792 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “How you feel-”  “Good.” The playroom scene part...[via torchbrowser.com].mp4
2015-03-27 06:26 - 2015-03-27 06:26 - 03337421 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “You’re biting your lip. You know what that does...[via torchbrowser.com].aac
2015-03-27 06:25 - 2015-03-27 06:26 - 85002222 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “You’re biting your lip. You know what that does...[via torchbrowser.com].mp4
2015-03-27 06:25 - 2015-03-27 06:25 - 01286588 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and Christian kissing on the couch -)...[via torchbrowser.com].aac
2015-03-27 06:24 - 2015-03-27 06:25 - 31766363 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and Christian kissing on the couch -)...[via torchbrowser.com].mp4
2015-03-27 06:24 - 2015-03-27 06:24 - 14532697 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Kate doesn’t like Grey very much…...[via torchbrowser.com].mp4
2015-03-27 06:24 - 2015-03-27 06:24 - 00579157 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Kate doesn’t like Grey very much…...[via torchbrowser.com].aac
2015-03-27 06:23 - 2015-03-27 06:23 - 04561929 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Welcome to my world.” Ana’s first spanking + a...[via torchbrowser.com].aac
2015-03-27 06:21 - 2015-03-27 06:21 - 04008180 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “That’s a [bleep] of a sack, miss Steele.” The...[via torchbrowser.com].aac
2015-03-27 06:21 - 2015-03-27 06:21 - 02803330 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “By myself I know what is like to be profoundly...[via torchbrowser.com].aac
2015-03-27 06:20 - 2015-03-27 06:23 - 113470011 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Welcome to my world.” Ana’s first spanking + a...[via torchbrowser.com].mp4
2015-03-27 06:20 - 2015-03-27 06:20 - 02530023 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“You’re not fighting fair.” “I never...[via torchbrowser.com].aac
2015-03-27 06:19 - 2015-03-27 06:21 - 71884964 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “By myself I know what is like to be profoundly...[via torchbrowser.com].mp4
2015-03-27 06:18 - 2015-03-27 06:21 - 100804695 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “That’s a [bleep] of a sack, miss Steele.” The...[via torchbrowser.com].mp4
2015-03-27 06:18 - 2015-03-27 06:20 - 68560232 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“You’re not fighting fair.” “I never...[via torchbrowser.com].mp4
2015-03-27 06:18 - 2015-03-27 06:18 - 03022477 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -It’s been nice knowing me, has it-” -Let me...[via torchbrowser.com].aac
2015-03-27 06:17 - 2015-03-27 06:17 - 15666357 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Emails Part 2-I’ll be wearing a burlap sack.-[via torchbrowser.com].mp4
2015-03-27 06:17 - 2015-03-27 06:17 - 10313099 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “What are you doing to me-” I already posted this...[via torchbrowser.com].mp4
2015-03-27 06:17 - 2015-03-27 06:17 - 02934660 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Emails Part 1 (+ the contract)-It was nice knowing...[via torchbrowser.com].aac
2015-03-27 06:17 - 2015-03-27 06:17 - 01373937 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “What are you doing to me-” I already posted this...[via torchbrowser.com].aac
2015-03-27 06:17 - 2015-03-27 06:17 - 00650297 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Emails Part 2-I’ll be wearing a burlap sack.-[via torchbrowser.com].aac
2015-03-27 06:16 - 2015-03-27 06:18 - 76941478 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -It’s been nice knowing me, has it-” -Let me...[via torchbrowser.com].mp4
2015-03-27 06:16 - 2015-03-27 06:16 - 03432792 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “I never took anyone in an helicopter, never had...[via torchbrowser.com].aac
2015-03-27 06:15 - 2015-03-27 06:17 - 73908650 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Emails Part 1 (+ the contract)-It was nice knowing...[via torchbrowser.com].mp4
2015-03-27 06:15 - 2015-03-27 06:15 - 02311996 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “If you agree to be my submissive, I will be...[via torchbrowser.com].aac
2015-03-27 06:15 - 2015-03-27 06:15 - 01157149 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -I feel different.- Reblogged from my other...[via torchbrowser.com].aac
2015-03-27 06:14 - 2015-03-27 06:14 - 01389166 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Mother, Anastasia Steele.  Ana, meet my mother,...[via torchbrowser.com].aac
2015-03-27 06:13 - 2015-03-27 06:16 - 84135301 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “I never took anyone in an helicopter, never had...[via torchbrowser.com].mp4
2015-03-27 06:13 - 2015-03-27 06:15 - 58762066 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “If you agree to be my submissive, I will be...[via torchbrowser.com].mp4
2015-03-27 06:13 - 2015-03-27 06:15 - 29266668 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -I feel different.- Reblogged from my other...[via torchbrowser.com].mp4
2015-03-27 06:13 - 2015-03-27 06:14 - 34864705 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Mother, Anastasia Steele.  Ana, meet my mother,...[via torchbrowser.com].mp4
2015-03-27 06:13 - 2015-03-27 06:13 - 18331608 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Say yes… to being mine.” The bath scene and more…...[via torchbrowser.com].mp4
2015-03-27 06:13 - 2015-03-27 06:13 - 02449859 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “Say yes… to being mine.” The bath scene and more…...[via torchbrowser.com].aac
2015-03-27 06:13 - 2015-03-27 06:13 - 01275610 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -Let’s get you cleaned up-[via torchbrowser.com].aac
2015-03-27 06:12 - 2015-03-27 06:13 - 32615716 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -Let’s get you cleaned up-[via torchbrowser.com].mp4
2015-03-27 06:12 - 2015-03-27 06:12 - 28617714 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana in bed sheet with Christian beside the piano...[via torchbrowser.com] (1).mp4
2015-03-27 06:12 - 2015-03-27 06:12 - 01162110 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana in bed sheet with Christian beside the piano...[via torchbrowser.com] (1).aac
2015-03-27 06:11 - 2015-03-27 06:11 - 04886684 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian introduces Ana to his lifestyle… the...[via torchbrowser.com].aac
2015-03-27 06:10 - 2015-03-27 06:10 - 01700317 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian learns Ana’s still a virgin et goes...[via torchbrowser.com].aac
2015-03-27 06:10 - 2015-03-27 06:10 - 01162110 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana in bed sheet with Christian beside the piano...[via torchbrowser.com].aac
2015-03-27 06:09 - 2015-03-27 06:10 - 28617714 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana in bed sheet with Christian beside the piano...[via torchbrowser.com].mp4
2015-03-27 06:08 - 2015-03-27 06:11 - 125442727 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian introduces Ana to his lifestyle… the...[via torchbrowser.com].mp4
2015-03-27 06:08 - 2015-03-27 06:10 - 43198178 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Christian learns Ana’s still a virgin et goes...[via torchbrowser.com].mp4
2015-03-27 06:07 - 2015-03-27 06:07 - 02905136 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- ♪ Love me like you do ♫ Charlie...[via torchbrowser.com].aac
2015-03-27 06:06 - 2015-03-27 06:07 - 73886912 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- ♪ Love me like you do ♫ Charlie...[via torchbrowser.com].mp4
2015-03-27 06:06 - 2015-03-27 06:06 - 01305135 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Elliot- “You must be Ana.” Ana-...[via torchbrowser.com].aac
2015-03-27 06:05 - 2015-03-27 06:06 - 32796639 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Elliot- “You must be Ana.” Ana-...[via torchbrowser.com].mp4
2015-03-27 06:04 - 2015-03-27 06:04 - 04504393 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“If you were mine, you wouldn’t be...[via torchbrowser.com].aac
2015-03-27 06:04 - 2015-03-27 06:04 - 04163742 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — The full bar scene in HD![via torchbrowser.com].aac
2015-03-27 06:02 - 2015-03-27 06:02 - 00678307 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “[bleep] the paperwork” The elevator scene in HD![via torchbrowser.com].aac
2015-03-27 06:01 - 2015-03-27 06:04 - 113876779 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“If you were mine, you wouldn’t be...[via torchbrowser.com].mp4
2015-03-27 06:01 - 2015-03-27 06:04 - 107305458 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — The full bar scene in HD![via torchbrowser.com].mp4
2015-03-27 06:01 - 2015-03-27 06:02 - 17018869 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — “[bleep] the paperwork” The elevator scene in HD![via torchbrowser.com].mp4
2015-03-27 05:54 - 2015-03-27 05:54 - 01992920 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“Am I romantic-… I kind of have to...[via torchbrowser.com].aac
2015-03-27 05:53 - 2015-03-27 05:53 - 32270818 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -We are so partying tonight- + Ana receiving Tess...[via torchbrowser.com].mp4
2015-03-27 05:53 - 2015-03-27 05:53 - 01281304 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — -We are so partying tonight- + Ana receiving Tess...[via torchbrowser.com].aac
2015-03-27 05:53 - 2015-03-27 05:53 - 00818014 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — A request from nana924 -The photo shoot scene Just...[via torchbrowser.com].aac
2015-03-27 05:52 - 2015-03-27 05:54 - 51308453 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2-“Am I romantic-… I kind of have to...[via torchbrowser.com].mp4
2015-03-27 05:52 - 2015-03-27 05:53 - 21496545 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — A request from nana924 -The photo shoot scene Just...[via torchbrowser.com].mp4
2015-03-27 05:52 - 2015-03-27 05:52 - 02969137 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — At Clayton’s- full scene Reblogged from my other...[via torchbrowser.com].aac
2015-03-27 05:51 - 2015-03-27 05:52 - 75307946 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — At Clayton’s- full scene Reblogged from my other...[via torchbrowser.com].mp4
2015-03-27 05:50 - 2015-03-27 05:50 - 01439888 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and the other boys (José and Paul)[via torchbrowser.com].aac
2015-03-27 05:49 - 2015-03-27 05:50 - 36714506 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and the other boys (José and Paul)[via torchbrowser.com].mp4
2015-03-27 05:47 - 2015-03-27 05:47 - 02569424 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and Kate are talking about the interview and...[via torchbrowser.com].aac
2015-03-27 05:44 - 2015-03-27 05:47 - 67045179 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Ana and Kate are talking about the interview and...[via torchbrowser.com].mp4
2015-03-27 05:44 - 2015-03-27 05:44 - 02016782 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — The interview scene (part 2) Part 1...[via torchbrowser.com].aac
2015-03-27 05:43 - 2015-03-27 05:44 - 15970401 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — The interview scene (part 2) Part 1...[via torchbrowser.com].mp4
2015-03-27 05:43 - 2015-03-27 05:43 - 04094457 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — YEAHHHHH!!!!! The interview scene (part 1)[via torchbrowser.com].aac
2015-03-27 05:42 - 2015-03-27 05:42 - 03523693 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Introduction♫ I put a spell on you ♫ Welcome to...[via torchbrowser.com].aac
2015-03-27 05:39 - 2015-03-27 05:43 - 105623114 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — YEAHHHHH!!!!! The interview scene (part 1)[via torchbrowser.com].mp4
2015-03-27 05:38 - 2015-03-27 05:42 - 88524011 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — Introduction♫ I put a spell on you ♫ Welcome to...[via torchbrowser.com].mp4
2015-03-27 05:38 - 2015-03-27 05:40 - 70133269 _____ () C:\Users\Meredith\Downloads\FiftyTheBest — fiftythebest2- Their first time together 😍😍 in...[via torchbrowser.com].mp4
2015-03-26 23:40 - 2015-03-26 23:40 - 00000000 ____D () C:\ProgramData\NetEngine
2015-03-20 22:52 - 2015-03-20 22:52 - 03310529 _____ () C:\Users\Meredith\Desktop\Photos and videos by Damie ❤ (@m_fraaan1)   Twitter.html
2015-03-20 22:52 - 2015-03-20 22:52 - 00000000 ____D () C:\Users\Meredith\Desktop\Photos and videos by Damie ❤ (@m_fraaan1)   Twitter_files
2015-03-18 04:49 - 2015-03-18 21:39 - 00000000 ____D () C:\Users\Meredith\Desktop\5 Steps to a 5 APUSH
2015-03-16 20:42 - 2015-03-16 20:43 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{76ADEBAD-D4A0-422C-AE50-7190BE85F38A}
2015-03-16 04:54 - 2015-03-17 06:17 - 00000000 ____D () C:\Users\Meredith\Desktop\5 Steps to a 5 AP Macroeconomics
2015-03-15 12:24 - 2015-03-15 12:24 - 114078696 _____ () C:\Users\Meredith\Downloads\Shadows in the Sun - Jamie Dornan 2009 - Subtitulada - YouTube[via torchbrowser.com].aac
2015-03-15 11:40 - 2015-03-15 12:24 - 714638136 _____ () C:\Users\Meredith\Downloads\Shadows in the Sun - Jamie Dornan 2009 - Subtitulada - YouTube[via torchbrowser.com].mp4
2015-03-15 11:09 - 2015-03-16 04:54 - 00000000 ____D () C:\Users\Meredith\Desktop\United States Government and Politics Preparing for the Advanced Placement Examination
2015-03-15 00:22 - 2015-03-15 00:22 - 00012347 _____ () C:\Users\Meredith\Downloads\AP Students (1) (1).xlsx
2015-03-14 23:38 - 2015-03-14 23:39 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{24F97A35-91FD-482C-8401-222EB7C04BE6}
2015-03-14 22:18 - 2015-03-14 22:18 - 00012347 _____ () C:\Users\Meredith\Downloads\AP Students (1).xlsx
2015-03-13 18:02 - 2015-03-13 18:02 - 12073311 _____ () C:\Users\Meredith\Downloads\Fifty Shades of Grey Slideshow   Part 1 - YouTube[via torchbrowser.com].aac
2015-03-13 18:01 - 2015-03-13 18:01 - 13722134 _____ () C:\Users\Meredith\Downloads\Fifty Shades of Grey Slideshow   Part 3   The End - YouTube[via torchbrowser.com].aac
2015-03-13 18:01 - 2015-03-13 18:01 - 07939404 _____ () C:\Users\Meredith\Downloads\Fifty Shades of Grey Slideshow Part 2 by Talita Ferreira - YouTube[via torchbrowser.com].aac
2015-03-13 17:57 - 2015-03-13 18:02 - 94154632 _____ () C:\Users\Meredith\Downloads\Fifty Shades of Grey Slideshow   Part 1 - YouTube[via torchbrowser.com].mp4
2015-03-13 17:57 - 2015-03-13 18:01 - 62105950 _____ () C:\Users\Meredith\Downloads\Fifty Shades of Grey Slideshow Part 2 by Talita Ferreira - YouTube[via torchbrowser.com].mp4
2015-03-13 17:57 - 2015-03-13 18:01 - 103254959 _____ () C:\Users\Meredith\Downloads\Fifty Shades of Grey Slideshow   Part 3   The End - YouTube[via torchbrowser.com].mp4
2015-03-13 12:16 - 2015-03-13 20:33 - 00000000 ____D () C:\Users\Meredith\Desktop\5 Steps to a 5 AP US Government 2014-2015
2015-03-13 10:56 - 2015-03-13 10:56 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{506CF986-12A7-4AAA-8EF8-1FCB307D446A}
2015-03-12 13:21 - 2015-03-12 13:21 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{956ED6E7-4976-4E28-AB7D-7A04564EE7DF}
2015-03-12 00:26 - 2015-03-12 00:26 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{D1C3A4F2-8B94-4FB4-9C91-B9670FB7FADE}
2015-03-12 00:24 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-12 00:24 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-12 00:24 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-12 00:24 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-12 00:24 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-12 00:24 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-12 00:24 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-12 00:24 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-12 00:24 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-12 00:24 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-12 00:24 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-12 00:24 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-12 00:23 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-12 00:23 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-12 00:23 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-12 00:23 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-12 00:23 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-12 00:23 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-12 00:23 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-12 00:23 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-12 00:23 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-12 00:23 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-12 00:23 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-12 00:23 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-12 00:23 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-12 00:23 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-12 00:23 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-12 00:23 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-12 00:23 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-12 00:23 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-12 00:23 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-12 00:23 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-12 00:23 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-12 00:23 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-12 00:23 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-12 00:23 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-12 00:23 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-12 00:23 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-12 00:23 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 22:55 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 22:55 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 22:55 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 22:55 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 22:55 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 22:55 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 22:55 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 22:55 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 22:55 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 22:55 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 22:53 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 22:53 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 22:53 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 22:53 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 22:53 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 22:53 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 22:53 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 22:53 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 22:53 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 22:53 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 22:53 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 22:53 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 22:53 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 22:53 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 22:53 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 22:53 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 22:52 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 22:52 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 22:52 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 22:52 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 22:51 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 22:51 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 22:51 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 22:51 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 22:51 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 22:51 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 22:51 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 22:51 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 22:51 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 22:51 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 22:51 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 22:51 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 22:51 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 22:51 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 22:51 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 22:51 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 22:51 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 22:51 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 22:51 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 22:51 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 22:51 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 22:51 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 22:51 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 22:51 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 22:51 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 22:51 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 22:51 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 22:51 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 22:51 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 22:51 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 22:51 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 22:51 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-11 22:51 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 22:51 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 22:51 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 22:51 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 22:51 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 22:51 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 22:51 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-11 22:51 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 22:51 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 22:51 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 22:51 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 22:51 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 22:51 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 22:51 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 22:51 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 22:51 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 22:51 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 22:51 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 22:51 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 22:51 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-11 22:51 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 22:51 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 22:51 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 22:51 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 22:51 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 22:51 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 22:51 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 22:51 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 22:51 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 22:48 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 22:48 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-11 00:03 - 2015-03-11 00:03 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{C5C3D377-31D1-476D-B489-C2F64E23561D}
2015-03-08 21:23 - 2015-03-10 10:50 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{FF5748E0-0878-4944-A2F8-879BBC57D88F}
2015-03-08 18:17 - 2015-03-29 01:50 - 00000000 _____ () C:\END
2015-03-08 13:34 - 2015-03-08 13:34 - 10914194 _____ () C:\Users\Meredith\Downloads\3S2563DL.zip
2015-03-08 13:34 - 2015-03-08 13:34 - 10551047 _____ () C:\Users\Meredith\Downloads\3S2610DL.zip
2015-03-08 13:34 - 2015-03-08 13:34 - 08411378 _____ () C:\Users\Meredith\Downloads\3S2654DL.zip
2015-03-08 12:28 - 2015-03-08 12:28 - 00000235 _____ () C:\Users\Meredith\Downloads\Official50_Newsletter.vcf
2015-03-05 14:53 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-05 14:53 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-05 14:53 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-05 14:53 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-28 19:02 - 2015-01-08 18:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-28 19:02 - 2015-01-08 18:43 - 00419936 _____ () C:\windows\system32\locale.nls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-29 10:41 - 2012-04-22 12:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 10:23 - 2014-08-16 11:07 - 00000000 ____D () C:\Users\Meredith\AppData\Local\fst_us_205
2015-03-29 10:16 - 2011-10-06 18:28 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 10:01 - 2014-08-16 23:01 - 00000304 _____ () C:\windows\Tasks\Groovorio Updater.job
2015-03-29 09:57 - 2011-10-06 18:02 - 01152219 _____ () C:\windows\WindowsUpdate.log
2015-03-29 09:56 - 2013-09-20 22:38 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2015-03-29 02:32 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 02:32 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 02:31 - 2015-01-09 06:28 - 00003808 _____ () C:\windows\setupact.log
2015-03-29 02:28 - 2014-08-16 11:07 - 00000430 _____ () C:\windows\Tasks\click-n-mark Update.job
2015-03-29 02:28 - 2014-08-16 11:07 - 00000410 _____ () C:\windows\Tasks\click-n-mark_wd.job
2015-03-29 02:28 - 2011-10-06 18:28 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 02:24 - 2010-11-20 22:47 - 02048438 _____ () C:\windows\PFRO.log
2015-03-29 02:24 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-29 02:19 - 2014-05-20 21:13 - 00002171 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-29 02:15 - 2014-09-20 13:51 - 00001972 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-29 02:15 - 2014-09-20 13:51 - 00001970 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-29 02:15 - 2014-09-20 13:51 - 00001960 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-29 02:15 - 2014-09-20 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-29 02:11 - 2011-10-06 18:28 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-29 02:11 - 2011-10-06 18:28 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-29 01:44 - 2011-10-15 01:06 - 00000000 ____D () C:\Users\Meredith
2015-03-29 01:40 - 2014-09-21 13:21 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2015-03-29 01:40 - 2014-09-21 13:20 - 00002249 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-03-29 01:40 - 2014-09-21 13:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-03-29 01:40 - 2014-09-21 13:19 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2015-03-29 01:29 - 2014-08-17 06:20 - 00000160 _____ () C:\Users\Meredith\AppData\Roaming\WB.CFG
2015-03-22 18:04 - 2015-02-06 07:08 - 00000000 ____D () C:\Program Files (x86)\ProductUI
2015-03-22 18:04 - 2015-02-06 07:07 - 00000000 ____D () C:\ProgramData\tOtcIUpZT
2015-03-21 01:42 - 2011-11-23 09:55 - 00000000 ____D () C:\Users\Meredith\AppData\Local\CrashDumps
2015-03-16 00:11 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-13 17:56 - 2013-09-21 04:10 - 00001425 _____ () C:\Users\Meredith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-03-13 15:37 - 2013-09-20 22:36 - 00000000 ____D () C:\Users\Meredith\AppData\Local\Torch
2015-03-12 22:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-03-12 12:49 - 2009-07-13 23:45 - 00411736 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-12 12:45 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 12:45 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 12:27 - 2011-10-15 02:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 12:27 - 2009-07-13 21:34 - 00000580 _____ () C:\windows\win.ini
2015-03-12 12:03 - 2013-08-11 18:27 - 00000000 ____D () C:\windows\system32\MRT
2015-03-12 11:55 - 2011-10-17 17:53 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-10 15:32 - 2011-11-03 23:49 - 00000000 ____D () C:\Users\Meredith\AppData\Local\Windows Live
2015-03-08 22:27 - 2015-02-24 15:33 - 00000000 ____D () C:\Users\Meredith\Desktop\New folder
2015-03-08 14:05 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-08 11:07 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
 
==================== Files in the root of some directories =======
 
2014-12-04 06:15 - 2014-12-04 06:15 - 1526240 _____ (Cinema ProV04.12) C:\Users\Meredith\AppData\Roaming\RMPCCK.exe
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Meredith\AppData\Roaming\RRLRCR
2014-08-17 06:20 - 2015-03-29 01:29 - 0000160 _____ () C:\Users\Meredith\AppData\Roaming\WB.CFG
2012-12-12 05:57 - 2013-03-06 20:48 - 0009216 _____ () C:\Users\Meredith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 07:01 - 2014-12-16 23:01 - 0000010 _____ () C:\Users\Meredith\AppData\Local\DSI.DAT
2014-12-16 23:01 - 2014-12-16 23:01 - 0022528 _____ () C:\Users\Meredith\AppData\Local\dsisetup2262275482.exe
2014-12-04 07:01 - 2014-12-04 07:01 - 0022528 _____ () C:\Users\Meredith\AppData\Local\dsisetup35910962.exe
2014-09-17 21:40 - 2014-09-20 13:53 - 0000003 _____ () C:\Users\Meredith\AppData\Local\proxy.log
2012-04-22 19:27 - 2014-04-13 20:45 - 0007606 _____ () C:\Users\Meredith\AppData\Local\resmon.resmoncfg
2013-08-26 22:33 - 2013-08-26 22:33 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-27 06:58
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Meredith at 2015-03-29 10:49:16
Running from C:\Users\Meredith\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
Amazon Kindle (HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FLV Toolbar v9.2 (HKLM-x32\...\{41CE52BD-8A2A-4117-BE66-8A30E41AAD12}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
FLV.com FLV Converter 4.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-997AF4905D9C}) (Version: 4.7 - GreenTree Applications SRL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.7 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iolo technologies' System Mechanic Premium (HKLM-x32\...\{9C67F7FB-5E42-42CF-98FD-2D42514F127B}_is1) (Version: 14.0.1 - iolo technologies, LLC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.3.12 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 267.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PC Safe PRO (HKLM-x32\...\{20F8E0BC-A7E9-4742-9285-AEADB84705A0}) (Version: 2.5.4 - Fusion Tech Software, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
SAFARI Montage Media Player (HKLM-x32\...\{964E6BE3-F213-44C5-93C9-AE1586A89323}) (Version: 5.8.19 - Library Video Company)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Torch (HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\...\Torch) (Version: 39.0.0.9037 - Torch Media, Inc) <==== ATTENTION
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.7 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.24.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.9.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.1.12 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.5.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.6.08-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
US Tech Support Framework (HKLM-x32\...\{4734A746-A503-4B8E-A4FA-7B7C84A18D79}) (Version: 2.1.0.4741 - US Tech Support LLC)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
 
==================== Restore Points  =========================
 
29-03-2015 02:07:22 Software Removal Tool
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-09-20 13:04 - 00001221 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02B6090C-B0A2-438C-9991-71A680695961} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {061EB6E3-234B-486D-B2BF-697453F1C32C} - System32\Tasks\click-n-mark Update => C:\Program Files (x86)\ver2click-n-mark\B8click-n-marke91.exe
Task: {07AE9624-E61C-4C34-A2AC-D87CC4D4507D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {10B1B1FC-DF07-4358-A44E-CE4B10588BD6} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-6 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-6.exe <==== ATTENTION
Task: {26D99CB8-0C04-4B1E-A80E-8FDD7099C178} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5.exe <==== ATTENTION
Task: {350248E4-263B-46C0-A4CE-ACB6960BF66F} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-2 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-2.exe <==== ATTENTION
Task: {3562FAE4-F3B4-433C-843F-6ED10A948B94} - System32\Tasks\PCSafePRO_Popup => C:\Program Files (x86)\PC Safe PRO\Splash.exe
Task: {39C0C038-81B7-4F3E-B70B-674FD500D8C4} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-4 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-4.exe <==== ATTENTION
Task: {4F1368CA-B160-4AB5-AEF6-1D99F69823AD} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5_user => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5.exe <==== ATTENTION
Task: {53B09728-246C-4151-BAB9-F99479C32F94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {56915F1D-5CEC-4333-BF61-88D5DE13EC43} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-1 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\Cinema Go Pro 2.3cV04.12-codedownloader.exe <==== ATTENTION
Task: {5B90DF44-ACF0-4154-89E3-FB4BE24BDC29} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5FA4DB7B-3CE7-4D12-9D4F-25E82433A2E8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {64F68A73-3B4C-46F9-B5F7-BFFFEF78C580} - System32\Tasks\Groovorio Updater => C:\Users\Meredith\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe [2013-04-09] () <==== ATTENTION
Task: {75BC1993-F792-48CE-A587-794F67CCF948} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-7 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-7.exe <==== ATTENTION
Task: {7DC651EE-8B1B-416C-887F-95E6D9413E24} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {835E0A60-ECF9-4706-962E-9409D5AF5D8A} - System32\Tasks\click-n-mark_wd => C:\Program Files (x86)\ver2click-n-mark\N7click-n-markQ.exe
Task: {92136A10-3FF0-4963-AF05-21EC9086A07C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A3E404DD-5D04-4E4B-B52B-B0B2B980BBE9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {C816DB58-FF88-4ED9-8E24-C8323F90E77F} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Premium\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {CB0D2DEE-84B4-4AFA-8DBA-67C285C87B02} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CCC0F072-2831-4763-8D3B-1276411FF046} - System32\Tasks\461b5b71-0217-4656-9237-e73f693f5d9c => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\461b5b71-0217-4656-9237-e73f693f5d9c.exe <==== ATTENTION
Task: {CFB69A51-6F6D-4D4D-A2E5-276CE6737F83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {D9DB318B-EBB5-4F49-A37B-5AB5554B316E} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-11 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-11.exe <==== ATTENTION
Task: {E2777681-D87D-4116-9D38-83F8FADB6866} - System32\Tasks\Microsoft\Windows\Maintenance\I.C. Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {E37006A5-D364-4135-AD00-7749F4BBB221} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EBA6ADCF-C189-4A01-B6E8-BFFBB305F8A0} - System32\Tasks\PCSafePRO_Start => C:\Program Files (x86)\PC Safe PRO\PCSafePRO.exe
Task: {F371039E-5326-481C-9C17-E9C780E91700} - System32\Tasks\{7A1786BC-2992-42D4-BC7C-0ECD029F75C0} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {F4BFE497-F71D-4B53-B51B-DDC14D399A6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F706839B-F6A9-4B75-9DA6-D8F10DB1D263} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-3 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-3.exe <==== ATTENTION
Task: {FB056AFD-60D5-43E2-9F1D-757CD80A187C} - System32\Tasks\8743f4d1-242e-49db-9dc5-404f55477099 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\8743f4d1-242e-49db-9dc5-404f55477099.exe <==== ATTENTION
Task: {FDD83840-F953-4C39-8683-364636C4C70B} - System32\Tasks\I.C. Runner Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\click-n-mark Update.job => C:\Program Files (x86)\ver2click-n-mark\B8click-n-marke91.exe
Task: C:\windows\Tasks\click-n-mark_wd.job => C:\Program Files (x86)\ver2click-n-mark\N7click-n-markQ.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Groovorio Updater.job => C:\Users\Meredith\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-06 07:09 - 2015-02-06 07:09 - 00008704 _____ () C:\windows\assembly\GAC_MSIL\IEExtension\1.0.0.0__64637c62d0471340\IEExtension.dll
2015-02-06 07:09 - 2015-02-06 07:09 - 00028672 _____ () C:\windows\assembly\GAC_MSIL\BandObjectLib\1.0.0.0__706605cd3088d56a\BandObjectLib.dll
2014-08-16 11:07 - 2014-08-12 13:00 - 03356152 _____ () C:\Users\Meredith\AppData\Local\fst_us_205\upfst_us_205.exe
2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 12:37 - 2010-11-30 12:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2011-02-22 21:22 - 2011-02-22 21:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2015-01-21 08:27 - 2015-01-21 08:27 - 00169472 _____ () C:\Program Files (x86)\ProductUI\Startup.exe
2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-09-16 08:35 - 2014-09-16 08:35 - 00211456 _____ () C:\Program Files (x86)\ProductUI\Agent.Communication.EventsRelayProxy.dll
2015-03-13 15:27 - 2015-02-23 23:01 - 01358344 _____ () C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\libglesv2.dll
2015-03-13 15:27 - 2015-02-23 23:01 - 00218632 _____ () C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\libegl.dll
2015-03-13 15:27 - 2015-02-23 23:01 - 09309192 _____ () C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\pdf.dll
2015-03-13 15:27 - 2015-02-23 23:01 - 01929736 _____ () C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\ffmpegsumo.dll
2015-03-13 15:27 - 2015-02-23 23:01 - 14910280 _____ () C:\Users\Meredith\AppData\Local\Torch\Application\39.0.0.9037\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Meredith\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.214.231.80
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3527659904-4164715890-1468609793-500 - Administrator - Disabled)
Guest (S-1-5-21-3527659904-4164715890-1468609793-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3527659904-4164715890-1468609793-1003 - Limited - Enabled)
Meredith (S-1-5-21-3527659904-4164715890-1468609793-1001 - Administrator - Enabled) => C:\Users\Meredith
Sandy (S-1-5-21-3527659904-4164715890-1468609793-1005 - Limited - Enabled) => C:\Users\Sandy
UpdatusUser (S-1-5-21-3527659904-4164715890-1468609793-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Symantec Network Security Intermediate Filter Driver
Description: Symantec Network Security Intermediate Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth USB Controller-10 from TOSHIBA
Description: Bluetooth USB Controller-10 from TOSHIBA
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: Toshiba
Service: tosrfusb
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/29/2015 02:27:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/29/2015 02:25:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2015 01:42:35 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/29/2015 01:41:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 06:41:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7145.5001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ed4
 
Start Time: 01d0661fcbdb3eff
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
Report Id: 114dcb77-d3ad-11e4-9066-b870f4d13fff
 
Error: (03/22/2015 06:24:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/22/2015 06:24:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2015 05:10:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/21/2015 05:09:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2015 05:13:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xed4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
 
System errors:
=============
Error: (03/29/2015 02:25:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SymIM
 
Error: (03/29/2015 02:24:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:23:02 AM on ‎3/‎29/‎2015 was unexpected.
 
Error: (03/29/2015 01:57:59 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (03/29/2015 01:57:35 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (03/29/2015 01:40:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SymIM
 
Error: (03/29/2015 01:40:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:38:11 AM on ‎3/‎29/‎2015 was unexpected.
 
Error: (03/27/2015 10:56:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
 
Error: (03/27/2015 04:23:06 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (03/27/2015 04:22:42 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (03/27/2015 04:18:46 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
 
Microsoft Office Sessions:
=========================
Error: (03/29/2015 02:27:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/29/2015 02:25:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2015 01:42:35 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/29/2015 01:41:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 06:41:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7145.50011ed401d0661fcbdb3eff0C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE114dcb77-d3ad-11e4-9066-b870f4d13fff
 
Error: (03/22/2015 06:24:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/22/2015 06:24:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2015 05:10:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/21/2015 05:09:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2015 05:13:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102ed401d0615f6e00634dC:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll5c3ff3f5-cd57-11e4-920e-b870f4d13fff
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 6050.69 MB
Available physical RAM: 2667.78 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 8104.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (TI106151W0F) (Fixed) (Total:580.59 GB) (Free:448.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 637CA5D8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.1 GB) - (Type=17)
 
==================== End Of Log ============================

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you are correct, there is a tad more than Zombie :)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [smrt] => C:\Program Files (x86)\ProductUI\Startup.exe [169472 2015-01-21] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [upfst_us_205.exe] => C:\Users\Meredith\AppData\Local\fst_us_205\upfst_us_205.exe [3356152 2014-08-12] ()
BootExecute: ?????????????
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...J2380053CPTMWDX
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.sonic-se...q={searchTerms}
HKU\S-1-5-21-3527659904-4164715890-1468609793-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://groovorio.com...=1374205325&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://groovorio.com...=1374205325&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-se...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.istart123...q={searchTerms}
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
BHO: No Name -> {6FE9C928-9470-5648-CDD8-F3A11B1209D8} -> No File
BHO: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> No File
BHO-x32: No Name -> {06197747-A47F-41FB-83D1-A00E9E00E276} -> No File
BHO-x32: No Name -> {1CE539FF-E48C-2E76-05AD-1CAAAAC5152B} -> No File
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO-x32: No Name -> {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} -> No File
BHO-x32: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
BHO-x32: No Name -> {6FE9C928-9470-5648-CDD8-F3A11B1209D8} -> No File
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: No Name -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> No File
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> No File
Toolbar: HKLM - No Name - !{06197747-A47F-41FB-83D1-A00E9E00E276} - No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
Toolbar: HKLM - No Name - !{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
Toolbar: HKLM - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
Toolbar: HKLM - No Name - {06197747-A47F-41FB-83D1-A00E9E00E276} - No File
Toolbar: HKLM - SimpleBar - {9eb324ca-1466-4907-8392-92c9f653a229} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No File
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
Toolbar: HKLM-x32 - No Name - !{06197747-A47F-41FB-83D1-A00E9E00E276} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
Toolbar: HKLM-x32 - No Name - !{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
Toolbar: HKLM-x32 - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
Toolbar: HKLM-x32 - No Name - {06197747-A47F-41FB-83D1-A00E9E00E276} - No File
Toolbar: HKLM-x32 - SimpleBar - {9eb324ca-1466-4907-8392-92c9f653a229} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3527659904-4164715890-1468609793-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (Torch Share) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Meredith\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-09-20]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
R2 hZPTqsGMf; C:\ProgramData\tOtcIUpZT\hZPTqsGMf.exe [2733032 2015-02-06] (Time Lapse Solutions)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella229.exe [5382304 2014-12-30] (Iminent)
2015-03-29 10:03 - 2015-03-29 10:46 - 00000000 ____D () C:\Users\Meredith\AppData\Local\ZombieNews
2015-03-14 23:38 - 2015-03-14 23:39 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{24F97A35-91FD-482C-8401-222EB7C04BE6}
2015-03-13 10:56 - 2015-03-13 10:56 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{506CF986-12A7-4AAA-8EF8-1FCB307D446A}
2015-03-12 13:21 - 2015-03-12 13:21 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{956ED6E7-4976-4E28-AB7D-7A04564EE7DF}
2015-03-12 00:26 - 2015-03-12 00:26 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{D1C3A4F2-8B94-4FB4-9C91-B9670FB7FADE}
2015-03-11 00:03 - 2015-03-11 00:03 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{C5C3D377-31D1-476D-B489-C2F64E23561D}
2015-03-08 21:23 - 2015-03-10 10:50 - 00000000 ____D () C:\Users\Meredith\AppData\Local\{FF5748E0-0878-4944-A2F8-879BBC57D88F}
2015-03-08 18:17 - 2015-03-29 01:50 - 00000000 _____ () C:\END
2015-03-29 09:56 - 2013-09-20 22:38 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2015-03-29 02:28 - 2014-08-16 11:07 - 00000430 _____ () C:\windows\Tasks\click-n-mark Update.job
2015-03-29 02:28 - 2014-08-16 11:07 - 00000410 _____ () C:\windows\Tasks\click-n-mark_wd.job
2015-03-22 18:04 - 2015-02-06 07:08 - 00000000 ____D () C:\Program Files (x86)\ProductUI
2015-03-22 18:04 - 2015-02-06 07:07 - 00000000 ____D () C:\ProgramData\tOtcIUpZT
2015-03-13 17:56 - 2013-09-21 04:10 - 00001425 _____ () C:\Users\Meredith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-03-13 15:37 - 2013-09-20 22:36 - 00000000 ____D () C:\Users\Meredith\AppData\Local\Torch
Task: {061EB6E3-234B-486D-B2BF-697453F1C32C} - System32\Tasks\click-n-mark Update => C:\Program Files (x86)\ver2click-n-mark\B8click-n-marke91.exe
Task: {10B1B1FC-DF07-4358-A44E-CE4B10588BD6} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-6 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-6.exe <==== ATTENTION
Task: {26D99CB8-0C04-4B1E-A80E-8FDD7099C178} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5.exe <==== ATTENTION
Task: {350248E4-263B-46C0-A4CE-ACB6960BF66F} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-2 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-2.exe <==== ATTENTION
Task: {3562FAE4-F3B4-433C-843F-6ED10A948B94} - System32\Tasks\PCSafePRO_Popup => C:\Program Files (x86)\PC Safe PRO\Splash.exe
Task: {39C0C038-81B7-4F3E-B70B-674FD500D8C4} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-4 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-4.exe <==== ATTENTION
Task: {4F1368CA-B160-4AB5-AEF6-1D99F69823AD} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5_user => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-5.exe <==== ATTENTION
Task: {56915F1D-5CEC-4333-BF61-88D5DE13EC43} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-1 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\Cinema Go Pro 2.3cV04.12-codedownloader.exe <==== ATTENTION
Task: {64F68A73-3B4C-46F9-B5F7-BFFFEF78C580} - System32\Tasks\Groovorio Updater => C:\Users\Meredith\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe [2013-04-09] () <==== ATTENTION
Task: {75BC1993-F792-48CE-A587-794F67CCF948} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-7 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-7.exe <==== ATTENTION
Task: {7DC651EE-8B1B-416C-887F-95E6D9413E24} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {835E0A60-ECF9-4706-962E-9409D5AF5D8A} - System32\Tasks\click-n-mark_wd => C:\Program Files (x86)\ver2click-n-mark\N7click-n-markQ.exe
Task: {CCC0F072-2831-4763-8D3B-1276411FF046} - System32\Tasks\461b5b71-0217-4656-9237-e73f693f5d9c => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\461b5b71-0217-4656-9237-e73f693f5d9c.exe <==== ATTENTION
Task: {D9DB318B-EBB5-4F49-A37B-5AB5554B316E} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-11 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-11.exe <==== ATTENTION
Task: {E2777681-D87D-4116-9D38-83F8FADB6866} - System32\Tasks\Microsoft\Windows\Maintenance\I.C. Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {EBA6ADCF-C189-4A01-B6E8-BFFBB305F8A0} - System32\Tasks\PCSafePRO_Start => C:\Program Files (x86)\PC Safe PRO\PCSafePRO.exe
Task: {F371039E-5326-481C-9C17-E9C780E91700} - System32\Tasks\{7A1786BC-2992-42D4-BC7C-0ECD029F75C0} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {F706839B-F6A9-4B75-9DA6-D8F10DB1D263} - System32\Tasks\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-3 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\f0f8eee1-4f5e-42bb-94d2-0cc622c990e8-3.exe <==== ATTENTION
Task: {FB056AFD-60D5-43E2-9F1D-757CD80A187C} - System32\Tasks\8743f4d1-242e-49db-9dc5-404f55477099 => C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12\8743f4d1-242e-49db-9dc5-404f55477099.exe <==== ATTENTION
Task: {FDD83840-F953-4C39-8683-364636C4C70B} - System32\Tasks\I.C. Runner Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: C:\windows\Tasks\click-n-mark Update.job => C:\Program Files (x86)\ver2click-n-mark\B8click-n-marke91.exe
Task: C:\windows\Tasks\click-n-mark_wd.job => C:\Program Files (x86)\ver2click-n-mark\N7click-n-markQ.exe
Task: C:\windows\Tasks\Groovorio Updater.job => C:\Users\Meredith\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files (x86)\Cinema Go Pro 2.3cV04.12
C:\Program Files (x86)\ver2click-n-mark
C:\Program Files (x86)\Super Optimizer
%LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r
C:\ProgramData\ZombieNews
C:\Users\Meredith\AppData\Roaming\GROOVO~1
C:\Program Files (x86)\ProductUI
C:\Users\Meredith\AppData\Local\fst_us_205
C:\ProgramData\tOtcIUpZT
C:\Users\Meredith\AppData\Local\Torch
C:\Program Files (x86)\Common Files\Umbrella
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
mergie21

mergie21

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

How do I open Notepad?  I still have the two notepad files FRST and Addition open.  Do I paste it in there?


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Better idea :)

Download this fixlist.txt to your desktop
[attachment=76290:fixlist.txt]
Start FRST and then press fix
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP