We keep getting a security alert message saying that a large amount of outgoing information is detected and suggesting that we run the Norton Power Eraser. We have run it multiple times and keep getting the message, so much so that we started to just ignore it. Yesterday we got a message from our internet provider: "Cox has identified that one or more computers/devices behind your cable modem may be infected with the FakeSecSen or "Spy Sheriff" Virus. A device behind your cable modem appears to have connected to a command and control server affiliated with this malware." We ran the Microsoft Safety Scanner, ran the Norton Power Eraser again, and did a full scan with the Norton program on our computer, but everything shows we are clean. Even after doing all that, we still get the Power Eraser pop-up, so we're afraid we're still infected. Thank you in advance for your help!
FRST's notes from the scan are:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by LeeAnn (administrator) on FIARSGIRL on 16-07-2015 15:24:45
Running from C:\Users\LeeAnn\Desktop
Loaded Profiles: LeeAnn (Available Profiles: LeeAnn)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [LGODDFU] => blrun
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-08] (Google Inc.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\LeeAnn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Amazon Music] => C:\Users\LeeAnn\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [GoogleChromeAutoLaunch_13B6F06E97F6F81E2CFD9F5D3C09F313] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-19] (Google Inc.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19918656 2015-03-04] (NTeWORKS)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [OneDrive] => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-20] (Microsoft Corporation)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Dropbox Update] => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322048 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [394624 2014-06-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2013-10-24]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-02-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: No Name -> {9F68C126-025C-4826-860B-3EE8087C04CA} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: No Name -> {DD8479FC-99FE-417D-91A0-2E2CF019D60E} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
Toolbar: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B7C73190-F3F5-44F1-BFBC-3C197E7F9063}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{D39EF1C2-05EA-45C5-BCA3-DAB70A81F453}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
FireFox:
========
FF ProfilePath: C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3267664469-1772823897-2773109325-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\LeeAnn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-02] (Amazon.com, Inc.)
FF Extension: ADB Helper - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: bestadblocker - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: bestadblocker - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: CutiTohePrice - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\[email protected] [2015-07-07]
FF Extension: FireFTP - C:\Users\LeeAnn\AppData\Roaming\Mozilla\Firefox\Profiles\8pui9obu.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-16]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-02]
CHR Extension: (Profile Visitors for ) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk [2015-07-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\LeeAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
S3 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe [282016 2015-06-17] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R3 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-03] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150716.001\IDSvia64.sys [692984 2015-07-02] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150716.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150716.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-03] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605000.07C\SymELAM.sys [23568 2015-06-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-03] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS [567512 2015-06-03] (Symantec Corporation)
U0 msahci; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-16 15:24 - 2015-07-16 15:25 - 00027752 _____ C:\Users\LeeAnn\Desktop\FRST.txt
2015-07-16 15:24 - 2015-07-16 15:24 - 00000000 ____D C:\FRST
2015-07-16 15:23 - 2015-07-16 15:23 - 02133504 _____ (Farbar) C:\Users\LeeAnn\Desktop\frst64.exe
2015-07-16 13:58 - 2015-07-16 13:59 - 189383448 _____ (Microsoft Corporation) C:\Users\LeeAnn\Downloads\msert(1).exe
2015-07-16 13:57 - 2015-07-16 13:59 - 189383448 _____ (Microsoft Corporation) C:\Users\LeeAnn\Downloads\msert.exe
2015-07-16 08:45 - 2015-07-16 08:45 - 00284768 _____ C:\Windows\Minidump\071615-72828-01.dmp
2015-07-16 08:09 - 2015-07-16 08:07 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-16 08:07 - 2015-07-16 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-16 08:07 - 2015-07-16 08:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-16 02:47 - 2015-07-16 02:47 - 00284768 _____ C:\Windows\Minidump\071615-59437-01.dmp
2015-07-16 01:39 - 2015-07-16 01:39 - 00284768 _____ C:\Windows\Minidump\071615-141718-01.dmp
2015-07-16 01:37 - 2015-07-16 01:37 - 00000000 __SHD C:\found.002
2015-07-15 21:34 - 2015-07-15 21:34 - 00000000 ___HD C:\OneDriveTemp
2015-07-15 21:33 - 2015-07-15 21:33 - 00000000 ____D C:\NPE
2015-07-15 21:30 - 2015-07-15 21:30 - 03088296 _____ (Symantec Corporation) C:\Users\LeeAnn\Downloads\NPE.exe
2015-07-12 21:05 - 2015-07-12 21:05 - 00044570 _____ C:\Users\LeeAnn\Downloads\1841D4-E-V-0649 (1).tif
2015-07-12 21:04 - 2015-07-12 21:05 - 00044570 _____ C:\Users\LeeAnn\Downloads\1841D4-E-V-0649.tif
2015-07-11 16:32 - 2015-07-11 16:32 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-11 16:13 - 2015-07-11 16:13 - 00000000 __SHD C:\found.001
2015-07-09 12:14 - 2015-07-09 12:14 - 00000000 __SHD C:\found.000
2015-07-08 19:35 - 2015-07-08 19:35 - 12210176 _____ C:\Users\LeeAnn\Desktop\Leeann's Quicken Data Jan 3, 2014 correct.QDF-backup
2015-07-03 14:06 - 2015-07-07 14:59 - 00000000 ____D C:\Users\LeeAnn\Desktop\New folder
2015-07-03 14:05 - 2015-07-03 14:05 - 00000000 ____D C:\Users\LeeAnn\New folder
2015-07-02 15:41 - 2015-07-16 13:31 - 00000000 ____D C:\Users\LeeAnn\AppData\Local\NPE
2015-07-02 15:40 - 2015-07-02 15:40 - 00000000 ____D C:\Windows\SysWOW64\X86
2015-07-02 15:40 - 2015-07-02 15:40 - 00000000 ____D C:\Windows\SysWOW64\AMD64
2015-07-02 15:40 - 2015-07-02 15:40 - 00000000 ____D C:\Program Files (x86)\Profile Visitors for
2015-07-02 15:37 - 2015-07-15 22:34 - 00000000 ____D C:\Program Files (x86)\CutiTohePrice
2015-07-02 15:37 - 2015-07-02 15:40 - 00000000 ____D C:\ProgramData\12670974670503140408
2015-07-02 15:35 - 2015-07-02 15:35 - 00000000 ____D C:\ProgramData\nmodnnbhlabcjogacfacacdmlmabpchi
2015-07-02 15:34 - 2015-07-02 15:34 - 00000000 ____D C:\ProgramData\{e30aebb7-9b31-38f8-e30a-aebb79b3aede}
2015-07-02 12:06 - 2015-07-02 12:06 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-02 11:55 - 2015-07-02 11:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-02 11:48 - 2015-07-02 11:49 - 00284712 _____ C:\Windows\Minidump\070215-121203-01.dmp
2015-07-02 11:23 - 2015-07-02 11:55 - 00002266 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-07-02 09:31 - 2015-07-02 09:31 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Open Download Manager
2015-07-02 09:31 - 2015-07-02 09:31 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-07-02 09:31 - 2015-07-02 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-06-24 15:17 - 2015-06-24 15:17 - 00014246 _____ C:\Users\LeeAnn\Documents\Items in trailer packing.xlsx
2015-06-23 13:42 - 2015-06-23 18:20 - 00000000 ____D C:\Users\LeeAnn\Desktop\Rachel's pics
2015-06-22 13:36 - 2015-07-16 14:41 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA.job
2015-06-22 13:36 - 2015-07-16 13:41 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core.job
2015-06-22 13:36 - 2015-06-22 13:36 - 00003890 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA
2015-06-22 13:36 - 2015-06-22 13:36 - 00003510 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core
2015-06-22 13:36 - 2015-06-22 13:36 - 00000000 ____D C:\Users\LeeAnn\AppData\Local\Dropbox
2015-06-22 13:36 - 2015-06-22 13:36 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-20 10:29 - 2015-07-16 14:40 - 00000000 ___RD C:\Users\LeeAnn\OneDrive
2015-06-20 10:29 - 2015-06-20 10:29 - 00002269 _____ C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-06-20 10:28 - 2015-06-20 10:28 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-06-16 13:14 - 2015-06-16 13:14 - 00000000 ____D C:\Users\LeeAnn\awstats-7.3
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-16 15:13 - 2013-01-04 21:12 - 00000344 _____ C:\Windows\lgfwup.ini
2015-07-16 15:13 - 2013-01-04 21:12 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-07-16 15:11 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-16 14:38 - 2014-02-19 13:21 - 00003542 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-07-16 14:38 - 2014-01-06 21:46 - 00003114 _____ C:\Windows\System32\Tasks\ASUS Live Update
2015-07-16 14:38 - 2012-12-11 22:00 - 00003056 _____ C:\Windows\System32\Tasks\ASUS P4G
2015-07-16 14:38 - 2012-11-10 10:27 - 00003028 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2015-07-16 14:37 - 2012-12-11 19:40 - 00000500 _____ C:\Users\LeeAnn\AppData\Roaming\sp_data.sys
2015-07-16 14:32 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 14:30 - 2012-11-10 10:31 - 01745834 _____ C:\Windows\WindowsUpdate.log
2015-07-16 08:49 - 2015-03-02 15:15 - 00000000 ___RD C:\Users\LeeAnn\Dropbox
2015-07-16 08:49 - 2015-03-02 15:08 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Dropbox
2015-07-16 08:45 - 2013-01-24 13:56 - 00000000 ____D C:\Windows\Minidump
2015-07-16 08:37 - 2015-03-20 10:26 - 00000000 ____D C:\Program Files (x86)\PicPick
2015-07-16 08:37 - 2012-11-10 10:21 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-07-16 08:13 - 2015-03-04 12:04 - 00000000 ____D C:\ProgramData\Oracle
2015-07-16 08:05 - 2012-12-28 19:19 - 00988672 ___SH C:\Users\LeeAnn\Downloads\Thumbs.db
2015-07-16 07:55 - 2012-12-23 12:32 - 00573952 ___SH C:\Users\LeeAnn\Documents\Thumbs.db
2015-07-16 04:48 - 2012-07-26 00:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-16 04:08 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:41 - 2015-03-24 15:31 - 00462024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 03:40 - 2014-12-12 18:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:40 - 2014-07-22 15:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 03:39 - 2012-07-26 01:12 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 03:10 - 2013-01-05 22:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 21:34 - 2012-12-11 21:24 - 00398336 ___SH C:\Users\LeeAnn\Desktop\Thumbs.db
2015-07-15 21:32 - 2012-08-01 18:20 - 00908422 _____ C:\Windows\PFRO.log
2015-07-15 21:31 - 2012-07-25 22:26 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-07-15 15:53 - 2013-03-04 16:50 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\.minecraft
2015-07-15 14:51 - 2013-08-19 13:22 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:50 - 2013-01-08 12:42 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-07-15 14:50 - 2012-08-04 18:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-15 14:48 - 2015-03-04 10:30 - 00000000 ____D C:\Users\LeeAnn\Documents\Dental work
2015-07-15 14:48 - 2015-01-02 20:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-13 16:34 - 2012-12-11 19:44 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3267664469-1772823897-2773109325-1001
2015-07-13 09:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-11 16:17 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-06 14:34 - 2014-12-12 18:13 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 14:34 - 2014-12-12 18:13 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-04 17:45 - 2012-12-11 20:06 - 00000000 ____D C:\Users\LeeAnn\AppData\Local\CrashDumps
2015-07-03 14:05 - 2012-12-11 19:36 - 00000000 ____D C:\Users\LeeAnn
2015-07-03 08:43 - 2012-12-12 15:50 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 15:52 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-02 15:43 - 2012-12-11 21:23 - 00000000 ____D C:\ProgramData\Norton
2015-07-02 11:55 - 2014-11-16 12:45 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-02 11:55 - 2014-11-16 12:37 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-02 11:26 - 2014-11-16 12:45 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-02 11:26 - 2014-11-16 12:45 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-02 11:26 - 2014-11-16 12:45 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-02 11:04 - 2012-12-11 21:23 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-24 16:31 - 2012-12-17 10:06 - 00000000 ____D C:\Users\LeeAnn\AppData\Roaming\Apple Computer
2015-06-23 13:44 - 2012-07-26 00:28 - 00005388 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 15:59 - 2014-02-19 14:54 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2013-05-20 15:35 - 2013-05-20 15:35 - 0000021 _____ () C:\Users\LeeAnn\AppData\Roaming\my_intel.sys
2012-12-11 19:40 - 2015-07-16 14:37 - 0000500 _____ () C:\Users\LeeAnn\AppData\Roaming\sp_data.sys
2014-04-13 12:32 - 2014-04-13 12:32 - 0009216 _____ () C:\Users\LeeAnn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-08 11:24 - 2013-01-08 12:40 - 0002096 _____ () C:\ProgramData\hpzinstall.log
2012-10-12 15:57 - 2012-10-12 15:57 - 4067328 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2012-08-04 18:42 - 2012-07-29 23:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 18:42 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-12-11 21:06 - 2012-12-11 21:06 - 0033958 _____ () C:\ProgramData\uninstaller.exe
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\LeeAnn\jobq.dat
Some files in TEMP:
====================
C:\Users\LeeAnn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6vvgxb.dll
C:\Users\LeeAnn\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-15 17:14
==================== End of log ============================
The Addition notes are:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by LeeAnn at 2015-07-16 15:25:54
Running from C:\Users\LeeAnn\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3267664469-1772823897-2773109325-500 - Administrator - Disabled)
Guest (S-1-5-21-3267664469-1772823897-2773109325-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3267664469-1772823897-2773109325-1003 - Limited - Enabled)
LeeAnn (S-1-5-21-3267664469-1772823897-2773109325-1001 - Administrator - Enabled) => C:\Users\LeeAnn
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Product Demo Movie (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.8 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
FamilySearch Indexing 3.18.3 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.18.3 - FamilySearch)
Flixster (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpg4050 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.5218a - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.5218a - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2808 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2808 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightningDownloader (HKLM-x32\...\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - LightningDownloader)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.0.124 - Symantec Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version: - Installer Technology Co)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.4 - NTeWORKS)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
RootsMagic 6.3.0.2 (HKLM-x32\...\{94433E0D-764C-4964-AD0B-EC46BCA7E68E}_is1) (Version: RootsMagic 6.3.0.2 - RootsMagic, Inc.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - WebAppTech Coding, LLC) <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VideoBuzz (HKLM-x32\...\{B25D67C4-E885-43F8-8085-B532F6261529}) (Version: 1.0.0 - InstallX, LLC) <==== ATTENTION
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3267664469-1772823897-2773109325-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {21173257-FC88-4CE4-83BE-24BD7DEDAA8B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {29BEBD1F-6DE1-4415-B227-406FCE482D77} - System32\Tasks\{DC5FE85D-45A7-46E9-8B18-2DF769577ADE} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
Task: {4F42EBEE-E33F-4DB8-92A7-1C6A212CD701} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {53772076-B365-410E-A0EC-B359EAA334F5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {674E22A8-71A3-4FEB-B843-90D4F62455EC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {A46AE993-CD4C-47D3-BB6C-73F918666384} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {B0BEF4B7-86F6-4275-84C9-E0CE30F73427} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C191D8EF-BFD6-48EE-B81A-4429DB340AFD} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-29] (AsusTek)
Task: {CC1ED32A-0108-4FCF-9219-701DE0852CEE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {DE9DBB09-4491-48B7-8706-994CD8188104} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E40D5F68-AAC0-46C1-BD82-51098086ECB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E696FDE9-CA97-4290-9423-398E00BF95DE} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {EECBFE77-8079-4A01-847A-E2AC04D26EA5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {F8EA2B1D-11E4-426A-8B9B-43F41DC1AB08} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {FF8585CD-23F1-4E9B-994E-B74798E9DF20} - System32\Tasks\{F71B94B0-13E1-462C-9D35-A1BC9F7D3176} => pcalua.exe -a E:\Setup.exe -d E:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001Core.job => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3267664469-1772823897-2773109325-1001UA.job => C:\Users\LeeAnn\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-06-02 21:34 - 2013-06-02 21:35 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-22 04:17 - 2012-07-30 04:26 - 00029056 _____ () C:\Windows\system32\DptfParticipantProcessorService.exe
2012-08-10 19:28 - 2012-08-10 19:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-11-10 10:17 - 2012-09-17 19:47 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-10 10:17 - 2012-09-17 19:47 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-23 21:21 - 2011-11-23 21:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-11-10 10:16 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-06-22 15:59 - 2015-06-19 22:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 15:59 - 2015-06-19 22:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\LeeAnn\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzsetup.lnk => C:\Windows\pss\hpzsetup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^LeeAnn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSQuickGesture(x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
MSCONFIG\startupreg: ASUSQuickGesture(x86) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
MSCONFIG\startupreg: ASUSTPLoader(x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: DptfPolicyLpmServiceHelper => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: PowerSkin => c:\windows\temp\PowerSkin\PowerSkin.exe
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VIAAUD => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3267664469-1772823897-2773109325-1001\...\StartupApproved\Run: => "Dropbox Update"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EF5E1F7C-86E5-4597-849D-BC3849D3943A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DAF54B4C-C5FD-4BB0-A267-DD27DB0C1FA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5A9A173-8CA4-4D01-96BC-CFAFBBA5B035}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F47A11E5-E5BD-48F5-9D5A-D56DBF35112F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{127229DA-59F4-4DB9-A473-183C016E597B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{358CCE61-2E9C-4968-95A3-0DD99FA38153}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{75EC5517-58A5-4570-8CD0-349EBE75538E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F20D3325-2CE3-44AE-A27C-5241646F1CA3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{59D1695C-4361-4BF1-A6C9-1E44C5B0CD92}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{389F102A-C489-48BC-918F-CD6F3988BDD4}] => (Allow) C:\Users\LeeAnn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B8047CC7-B3D3-4995-8E32-9843844CA6DC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA6331CF-D13E-40B5-9EE7-D0C026C04577}] => (Allow) LPort=2869
FirewallRules: [{EB0B0BC5-F1BC-4D95-AAFB-89B786B02675}] => (Allow) LPort=1900
FirewallRules: [{F5A9774D-B93A-4FA3-851D-61F6EE141222}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7DB3D02C-0266-462F-B71E-26F55D1D0B25}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{92F52334-C7C2-4206-AB29-548BB9B5A041}] => (Allow) C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6E3EF6EA-0D00-4B02-AB87-1928F0F6B83C}] => (Allow) C:\Users\LeeAnn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D61DC4A1-9489-4EE0-BD4B-A2ADA6EE6520}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E681272B-A41C-40A3-BAEF-FFB0C8B81F91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C29D532A-A484-45F0-93C2-320409E5FB9E}C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B70EFAF8-E8DA-4BB0-8CA3-34CAADE83466}C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\leeann\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A509839D-DF40-4847-97F3-45537DB6202F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C705D965-1EB0-4419-A777-07F26E8EC31C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{080C1D0F-2DAF-4953-B5FC-4A7BF575D0B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8092354E-4291-4EF1-A05A-FE8E86677331}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{2BFA38C8-E95B-4878-8E91-D9B4BBFF3893}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{FBE65968-1A3E-44DD-B477-417D57A95A3E}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{58BC9206-9639-4E2D-8D0E-A4077BA06D51}] => (Allow) C:\Users\LeeAnn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9BD78F5E-FB01-495F-972C-02988EDDB0B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/16/2015 02:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.206, time stamp: 0x5024e144
Faulting module name: audio.dll, version: 8.0.0.206, time stamp: 0x5024e1aa
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1714
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5
Error: (07/16/2015 02:38:07 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (07/16/2015 02:38:07 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (07/16/2015 08:49:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.206, time stamp: 0x5024e144
Faulting module name: audio.dll, version: 8.0.0.206, time stamp: 0x5024e1aa
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1864
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5
Error: (07/16/2015 08:48:52 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (07/16/2015 08:48:52 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (07/16/2015 08:39:45 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9a66c9a4-1aaf-4b22-a8c4-764c83987491}
Error: (07/16/2015 07:46:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.206, time stamp: 0x5024e144
Faulting module name: audio.dll, version: 8.0.0.206, time stamp: 0x5024e1aa
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1a6c
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5
Error: (07/16/2015 07:46:47 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (07/16/2015 07:46:47 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
System errors:
=============
Error: (07/16/2015 02:37:16 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
A corruption was found in a file system index structure. The file reference number is 0x2000000044a5c. The name of the file is "\Windows\System32\wbem\Performance". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (07/16/2015 02:36:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (07/16/2015 02:32:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:22:21 PM on 7/16/2015 was unexpected.
Error: (07/16/2015 08:49:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (07/16/2015 08:45:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa800b0783a0, 0x000000006695a000)C:\Windows\MEMORY.DMP071615-72828-01
Error: (07/16/2015 08:45:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:18:14 AM on 7/16/2015 was unexpected.
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB3070102).
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB3061421).
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2976978).
Error: (07/16/2015 04:46:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB3069392).
Microsoft Office:
=========================
Error: (03/12/2015 03:36:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 259213 seconds with 2820 seconds of active time. This session ended with a crash.
Error: (11/11/2014 10:20:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 165806 seconds with 1560 seconds of active time. This session ended with a crash.
Error: (04/27/2014 01:31:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/27/2014 01:30:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/26/2013 03:38:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/26/2013 03:37:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/26/2013 03:37:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84261 seconds with 1800 seconds of active time. This session ended with a crash.
Error: (06/25/2013 03:48:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 388 seconds with 60 seconds of active time. This session ended with a crash.
Error: (06/25/2013 03:41:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4056 seconds with 780 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel® Core i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 54%
Total physical RAM: 3981.59 MB
Available physical RAM: 1801.73 MB
Total Virtual: 8077.59 MB
Available Virtual: 5567.14 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:24.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:107.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CDFAD22C)
Partition: GPT Partition Type.
==================== End of log ============================