Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Removal [Solved]

Started by dendrum , Jul 24 2015 03:09 PM

  • This topic is locked This topic is locked

#1
dendrum
Posted 24 July 2015 - 03:09 PM

dendrum

    New Member

  • Member
  • Pip
  • 8 posts

There is various software loading on my computer without my permission.  I am running Norton 360.  I am also getting "Outbound Traffic Detected"  messages every few seconds from Norton Power Eraser.  If I run Power Eraser sometimes it finds things sometimes it doesn't.  It continues to pop up even when I click the "Don't show this message about outbound traffic" button.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Phil (administrator) on EDEEN on 24-07-2015 14:02:22
Running from C:\Users\Phil\Downloads
Loaded Profiles: Phil (Available Profiles: Phil & camac_000 & water_000 & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
() C:\Program Files (x86)\MaxComputerCleaner_v17.337\MaxComputerCleaner_Maintenance.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\RunOnce: [MaxComputerCleaner_v17.337] => C:\Program Files (x86)\MaxComputerCleaner_v17.337\MaxComputerCleaner_Maintenance.exe [29160 2015-04-29] ()
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-23] (Google Inc.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Bubble Dock] => "C:\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [WindApp] => "C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Selection Tools] => "C:\Users\Phil\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-05-03] (Electronic Arts)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros -tray
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll => "C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll" File not found
Startup: C:\Users\water_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-04-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-429698863-2004191768-778224894-1001 -> {8B168543-94E9-4380-88EF-DC062271DA93} URL = 
BHO: No Name -> {51BF1FA0-6E1E-438F-BC36-ED018407761E} ->  No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-429698863-2004191768-778224894-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16078284-AF7D-4371-A7B8-1DE237A4EB1B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AB6A9FA-2417-44A9-BBF7-BD35B19ADEA9}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-24]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WhITeCooupOn) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb [2015-07-16]
CHR Extension: (Norton Security Toolbar) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-16]
CHR Extension: (AntiPorn Pro  The best AntiPorn addon) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-16]
CHR Extension: (Norton Identity Safe) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-11]
CHR Extension: (Taplika New Tab) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-07-16]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-429698863-2004191768-778224894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-03] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [119120 2013-02-20] (Citrix Systems, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150723.001\IDSvia64.sys [692984 2015-07-15] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150723.033\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150723.033\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-04-20] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 14:02 - 2015-07-24 14:02 - 00024225 _____ C:\Users\Phil\Downloads\FRST.txt
2015-07-24 14:01 - 2015-07-24 14:02 - 00000000 ____D C:\FRST
2015-07-24 14:01 - 2015-07-24 14:01 - 02135552 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2015-07-24 12:18 - 2015-07-24 12:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-07-24 12:17 - 2015-07-24 12:17 - 00000000 ___RD C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-24 12:06 - 2015-07-24 12:06 - 00003460 _____ C:\WINDOWS\System32\Tasks\Hejixurnoeina
2015-07-24 12:06 - 2015-07-24 12:06 - 00000000 ____D C:\ProgramData\Hejixurnoeina
2015-07-24 12:01 - 2015-07-24 12:17 - 00000000 ____D C:\ProgramData\YOAaBpD
2015-07-21 09:23 - 2015-07-21 09:23 - 00003458 _____ C:\WINDOWS\System32\Tasks\Emxloweeuhop
2015-07-21 09:23 - 2015-07-21 09:23 - 00000000 ____D C:\ProgramData\Emxloweeuhop
2015-07-21 09:16 - 2015-07-21 09:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Emxloweeuhop
2015-07-21 09:02 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 09:02 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 09:02 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 09:02 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 08:52 - 2015-07-20 08:52 - 00000000 _____ C:\places.sqlite
2015-07-19 09:19 - 2015-07-19 09:19 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files\iTunes
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files\iPod
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-19 09:13 - 2015-07-19 09:13 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-19 09:13 - 2015-07-19 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-19 09:13 - 2015-07-19 09:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-17 09:50 - 2015-07-17 09:50 - 00001978 _____ C:\Users\Public\Desktop\installconverter.lnk
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installconverter
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\Program Files (x86)\installconverter
2015-07-16 17:32 - 2015-07-17 14:56 - 00000000 ____D C:\ProgramData\{735cba4e-c13f-4ff6-735c-cba4ec13e93b}
2015-07-16 11:12 - 2015-07-24 12:26 - 00000024 _____ C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\ProgramData\16052110461454905088
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro  The best AntiPorn addon
2015-07-16 09:37 - 2015-07-24 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-15 06:53 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 06:53 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 06:53 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 06:53 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 06:53 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 06:53 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 06:53 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 06:53 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 06:53 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 06:53 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 06:53 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 06:53 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 06:53 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 06:53 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 06:53 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 06:53 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 06:52 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 06:52 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 06:52 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 06:52 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 06:52 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 06:52 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 06:52 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 06:52 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 06:52 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 06:52 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 06:52 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 06:52 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 06:52 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 06:52 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 06:52 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 06:52 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 06:52 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 06:52 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 06:52 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 06:52 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 06:52 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 06:52 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 06:52 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 06:52 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 06:52 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 06:52 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 06:52 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 06:52 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 06:52 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 06:52 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 06:52 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 06:52 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 06:52 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 06:52 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 06:52 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 06:52 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 06:52 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 06:52 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 06:52 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 06:52 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 06:52 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 06:52 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 06:52 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 06:52 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 06:52 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 06:52 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 06:52 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 06:52 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 06:52 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 06:52 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 06:52 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 06:52 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 06:52 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 06:52 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 06:52 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 06:52 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 06:52 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 06:52 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 06:52 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 06:52 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 06:52 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 06:52 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 06:52 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 06:52 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 06:52 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 06:50 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 06:50 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 06:50 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 06:50 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 06:50 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 06:50 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 06:50 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 06:50 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 06:50 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 06:50 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 06:50 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 06:50 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:50 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 06:50 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:50 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 06:50 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 06:50 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 06:50 - 2015-05-01 16:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 06:50 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 06:50 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 06:50 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 06:50 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 06:50 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 06:50 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 06:49 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 06:49 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 06:49 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 06:49 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 06:49 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 06:49 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 06:49 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 06:49 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 06:49 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 06:49 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-13 10:24 - 2015-07-13 10:24 - 00000000 ____D C:\ProgramData\{0ed2f2fd-7b33-a08a-0ed2-2f2fd7b3cbf5}
2015-07-11 15:46 - 2015-07-11 15:46 - 00000000 _____ C:\Users\water_000\Downloads\Sony vaio pcg 7a2l manual_10924_i31600654_il345.exe
2015-07-08 22:23 - 2015-07-13 10:23 - 00000000 ____D C:\ProgramData\{00bdd403-bc7e-86ba-00bd-dd403bc7500e}
2015-07-08 17:03 - 2015-07-22 03:56 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-07-07 10:23 - 2015-07-13 10:23 - 00000000 ____D C:\ProgramData\{f7337fc4-49c7-f688-f733-37fc449cff11}
2015-06-26 06:13 - 2015-06-26 06:13 - 00004020 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-26 06:13 - 2015-06-26 06:13 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-06-26 06:13 - 2015-06-26 06:13 - 00003210 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-06-26 06:13 - 2015-06-26 06:13 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-26 06:12 - 2015-06-26 06:12 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 14:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-24 13:47 - 2013-03-23 17:03 - 00000000 ____D C:\Users\Phil\Documents\Phil's Stuff
2015-07-24 13:45 - 2013-11-05 22:21 - 01598832 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-24 12:41 - 2014-04-12 17:08 - 00000000 ____D C:\Users\Phil\AppData\Local\NPE
2015-07-24 12:21 - 2012-11-21 15:41 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-24 12:19 - 2013-02-22 23:05 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429698863-2004191768-778224894-1001
2015-07-24 12:13 - 2013-02-24 21:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-07-24 12:12 - 2013-11-05 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-24 12:12 - 2013-08-22 07:46 - 00439180 _____ C:\WINDOWS\setupact.log
2015-07-24 12:12 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-24 12:12 - 2013-02-24 21:03 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-07-24 12:12 - 2013-02-24 21:03 - 00002259 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-24 12:12 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-24 12:11 - 2013-11-05 22:23 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-07-24 12:10 - 2013-08-22 06:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-24 12:02 - 2013-02-23 13:15 - 00000000 ____D C:\Users\Phil\AppData\Local\CrashDumps
2015-07-24 11:52 - 2013-11-06 18:31 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FA1F623-F220-4B1D-897D-93A445E4F3F1}
2015-07-22 05:58 - 2013-02-24 21:03 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-07-22 05:58 - 2013-02-24 21:03 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-07-22 03:56 - 2015-05-05 17:55 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v17.337
2015-07-22 03:56 - 2012-11-21 15:34 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2015-07-21 16:54 - 2013-11-05 22:23 - 00101819 _____ C:\WINDOWS\system32\lvcoinst.log
2015-07-21 09:40 - 2013-08-22 07:44 - 00419192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 09:29 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-21 09:18 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-20 09:04 - 2013-09-29 20:55 - 00262110 _____ C:\WINDOWS\PFRO.log
2015-07-20 08:57 - 2015-05-31 15:36 - 00003456 _____ C:\WINDOWS\System32\Tasks\Anivlossoul
2015-07-20 08:57 - 2015-05-31 15:35 - 00000000 ____D C:\ProgramData\Anivlossoul
2015-07-19 09:28 - 2013-03-09 16:37 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429698863-2004191768-778224894-1005
2015-07-19 09:23 - 2012-11-21 15:33 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2015-07-19 09:19 - 2015-04-25 18:07 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-19 09:19 - 2014-06-11 19:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 09:01 - 2013-11-06 17:48 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C9C3D454-47CB-4DFC-8E73-AB94D5B74065}
2015-07-18 04:21 - 2013-02-26 21:59 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-07-16 19:57 - 2013-11-06 16:45 - 00000000 ___DO C:\Users\water_000\SkyDrive
2015-07-16 09:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 09:27 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-16 09:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 09:19 - 2013-03-23 18:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 04:09 - 2013-02-23 11:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 04:08 - 2014-12-09 17:25 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 04:08 - 2014-07-09 07:54 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-16 04:07 - 2013-08-20 14:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 06:53 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-15 03:36 - 2015-04-04 11:25 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-15 03:36 - 2015-04-04 11:25 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-14 10:40 - 2013-02-24 20:58 - 00000000 ____D C:\ProgramData\Norton
2015-07-14 09:58 - 2013-03-23 18:39 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 14:47 - 2015-05-04 07:59 - 00000000 ____D C:\Users\Phil\AppData\Roaming\4C4C4544-1430751556-5110-8058-B2C04F595631
2015-07-13 14:10 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 12:15 - 2013-02-24 21:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-13 12:03 - 2013-02-24 20:58 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-13 10:02 - 2014-06-12 15:02 - 00000000 ____D C:\Users\Phil\AppData\Local\Apps\2.0
2015-07-11 15:54 - 2015-04-26 20:55 - 00003554 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 5bf23fee4b0a4a41abf49ffa45402cee7d1a0c34bd924226b30ed41b08347264
2015-07-08 17:03 - 2013-05-21 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 13:58 - 2013-02-24 09:56 - 00000000 ____D C:\Users\Phil\AppData\Local\softthinks
2015-07-03 08:43 - 2013-02-23 23:53 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-26 06:12 - 2012-11-21 15:37 - 00000000 ____D C:\ProgramData\PCDr
2015-06-24 12:45 - 2015-06-04 14:40 - 00000000 ____D C:\ProgramData\Browser
2015-06-24 11:31 - 2015-02-11 18:16 - 00003818 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-24 11:28 - 2015-02-11 18:16 - 00000000 ____D C:\ProgramData\SupportAssistAgent
 
==================== Files in the root of some directories =======
 
2015-07-16 11:12 - 2015-07-24 12:26 - 0000024 _____ () C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-05-02 19:24 - 2015-05-02 19:24 - 0000078 _____ () C:\Users\Phil\AppData\Roaming\Selection Tools.installation.log
2015-05-02 20:13 - 2015-05-05 16:13 - 0000122 _____ () C:\Users\Phil\AppData\Roaming\WB.CFG
2015-05-02 19:24 - 2015-05-02 19:24 - 0000078 _____ () C:\Users\Phil\AppData\Roaming\WindApp.installation.log
2015-05-04 09:13 - 2015-05-04 09:13 - 0000001 _____ () C:\Users\Phil\AppData\Local\DSI.DAT
2014-05-30 16:33 - 2014-05-30 16:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-04-12 12:17 - 2014-05-29 16:49 - 0005424 _____ () C:\ProgramData\hpzinstall.log
2012-11-21 15:40 - 2012-11-21 15:40 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-21 15:38 - 2012-11-21 15:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-21 15:39 - 2012-11-21 15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-21 15:38 - 2012-11-21 15:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-21 15:39 - 2012-11-21 15:40 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-21 09:51
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Phil at 2015-07-24 14:02:49
Running from C:\Users\Phil\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-429698863-2004191768-778224894-500 - Administrator - Disabled)
camac_000 (S-1-5-21-429698863-2004191768-778224894-1004 - Limited - Enabled) => C:\Users\camac_000
Guest (S-1-5-21-429698863-2004191768-778224894-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-429698863-2004191768-778224894-1008 - Limited - Enabled)
Phil (S-1-5-21-429698863-2004191768-778224894-1001 - Administrator - Enabled) => C:\Users\Phil
UpdatusUser (S-1-5-21-429698863-2004191768-778224894-1006 - Limited - Enabled)
water_000 (S-1-5-21-429698863-2004191768-778224894-1005 - Limited - Enabled) => C:\Users\water_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Amazon Kindle) (Version:  - Amazon)
Any DVD Cloner Platinum 1.3.1 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Bigasoft iTunes Video Converter 4.2.2.5206 (HKLM-x32\...\{83340D90-BB65-4969-8C4E7FABC6319CDA}_is1) (Version:  - Bigasoft Corporation)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.1 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.1 - Sigma Elektro GmbH) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Flixster (HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\57554551bac4f5b1) (Version: 2.1.0.282 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA 3D Vision Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.60 - NVIDIA Corporation)
NVIDIA Graphics Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SAM Animation 1.5.4 (HKLM-x32\...\SAM Animation 1.5.4 1.5.4.0) (Version: 1.5.4.0 - iCreate to Educate, Inc.)
SAM Animation 1.5.4 (x32 Version: 1.5.4.0 - iCreate to Educate, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigma Data Center 3.0 (HKLM-x32\...\Sigma Data Center3.0) (Version: 3.0 - Sigma Elektro GmbH)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SonicWALL Global VPN Client (HKLM\...\{4A6C8E4B-A2A1-44E3-8AEF-8D7A471D07BA}) (Version: 4.8.6 - SonicWALL)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Windows Driver Package - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\72BE00E857D6F4F2018C51300C130B652C40D203) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-07-2015 11:54:07 Scheduled Checkpoint
08-07-2015 17:25:15 Windows Update
15-07-2015 03:34:37 Windows Update
16-07-2015 10:36:02 Norton_Power_Eraser_20150716103602039
20-07-2015 08:57:38 Norton_Power_Eraser_20150720085735810
21-07-2015 09:15:06 Norton_Power_Eraser_20150721091506626
24-07-2015 12:08:15 Norton_Power_Eraser_20150724120814477
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05690358-307C-4C1D-8545-FA9608911355} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {123FF570-53CF-421B-91A6-B766D04971FD} - System32\Tasks\HP AR Program Upload - 87f5a309db7144bf9c476c44d63c319eeb574d8bc3274707b43c0507fe8c0ca4 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {169FDB5D-5A02-493B-88DE-1DD5418DD1F6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {16C7DD9C-B332-4980-8295-D8646F69DE8B} - System32\Tasks\WindApp Update => C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp Update.exe <==== ATTENTION
Task: {2B8C2EEF-F270-4D90-B9D2-17A2339CAC5F} - System32\Tasks\Anivlossoul => C:\ProgramData\Anivlossoul\1.0.4.1\urerroci.exe
Task: {30EC4617-34FB-4F2D-97FB-86CC94EACEA7} - System32\Tasks\Hejixurnoeina => C:\ProgramData\Hejixurnoeina\1.0.4.1\lreikuup.exe
Task: {3EB4B9E5-6810-4B78-BC40-01EE5894A85A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F114411-AD26-4F9E-BB9F-CAAFEA3223B2} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4B487DEB-BCCD-4440-A181-91C1BBFCB535} - System32\Tasks\{BBDAAB4B-C781-4F31-8C57-7B64A2D9D5CE} => pcalua.exe -a "C:\Program Files\Unity\WebPlayer64\Uninstall.exe" -c /AllUsers
Task: {50B1E6FD-48B2-4EAE-ADF0-4FAE46E0EABB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {513FEEC8-C62A-455A-87E5-4B9A29B94E24} - System32\Tasks\Phil Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {67702E21-198A-4F9C-8CD0-5652B7658E84} - System32\Tasks\Phil DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {7C949D5E-1CC9-4571-844A-52F7D13F9DC8} - System32\Tasks\Emxloweeuhop => C:\ProgramData\Emxloweeuhop\1.0.4.1\llemiive.exe
Task: {7D052701-B2C5-4257-89FA-B912675A73F6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {9BF29BF5-CEE6-49E2-A537-8D3148EFC767} - System32\Tasks\{55E25DCD-DBAA-4273-A91A-E5FCF43E4367} => pcalua.exe -a "C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe" -c /cpanel=1
Task: {9EBFCA5D-DC10-4E91-81E0-DD21E97D1479} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AFDC91DE-05E9-4EFF-A3A9-F017A3C175F1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {BB2D2891-06A2-40A9-99CC-D2C8F131B67D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C5B7001F-0910-4D85-AD22-EAA2B6805176} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATTENTION
Task: {CE9C6202-E9B8-4F5C-99B3-62BF4D6D8C03} - System32\Tasks\Phil => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {D3506AB5-43C3-458D-A155-A18DB7CE4A1A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {D3C487BB-76B5-457B-90B9-968E800D3AB8} - System32\Tasks\HP AR Program Upload - 5bf23fee4b0a4a41abf49ffa45402cee7d1a0c34bd924226b30ed41b08347264 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DE99E14F-19F4-40B7-8010-1F5318D938C1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F578ACB6-7CDF-4A5F-8336-64CBB06351F2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {F8C1CEB9-70D7-4A7A-9399-9DB47142AB5D} - System32\Tasks\Selection Tools Update => C:\Users\Phil\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-21 15:39 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-04-29 08:24 - 2015-04-29 08:24 - 00029160 _____ () C:\Program Files (x86)\MaxComputerCleaner_v17.337\MaxComputerCleaner_Maintenance.exe
2012-07-02 18:28 - 2012-07-02 18:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-06-28 14:39 - 2012-06-28 14:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2015-07-06 15:34 - 2015-07-06 15:34 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-11-21 15:38 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-16 11:55 - 2014-10-16 11:55 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-11-21 15:41 - 2012-09-12 20:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-11-21 15:41 - 2012-08-06 09:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-11-21 15:41 - 2012-08-06 09:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-11-21 15:33 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-07-14 09:58 - 2015-07-13 14:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 09:58 - 2015-07-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 09:58 - 2015-07-13 14:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\camac_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\water_000\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 CHROME 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{49090FEF-E3AC-4079-B241-EEEEFABB18B8}] => (Allow) LPort=1900
FirewallRules: [{89E7DB5A-F745-43C9-B300-EFE6A150EF50}] => (Allow) LPort=2869
FirewallRules: [{5667A035-F721-4114-8368-8BE579116B80}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{2E1A8FCB-1619-4FA6-AF88-222FB8AB20B9}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{8ED13836-C6D4-4671-B22D-ECA97B9447AF}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{D49056E1-B32B-45FC-977B-D40ED244858E}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{5CE70431-EBDF-45F4-90A7-4BF9E71742E3}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [{30C53404-F2D2-4E65-BE0F-4515854ED382}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8DD0699E-F59A-447A-B260-039076826CF6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{77119BA8-E586-4C0F-8F52-98647A916435}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5F6AC280-75DE-47C5-B181-8C1EC3E5F0D0}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{21F0DFA3-2685-46E2-974B-1AD8F6CF20B8}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{88C2CC7B-4E75-4AFD-9F09-60355F6368E4}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{A2CD3756-5175-46ED-BFA9-741DA44AA61A}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{10BE750A-D5EC-4622-B513-1C1EACF6C599}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4ADB\HPDiagnosticCoreUI.exe
FirewallRules: [{FFD89609-F743-4149-A52D-FDC610BDD70C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4ADB\HPDiagnosticCoreUI.exe
FirewallRules: [{EA8937AD-0C9B-4B0E-BFDC-81B1F0F89512}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3C6E\HPDiagnosticCoreUI.exe
FirewallRules: [{77FAC67C-8412-47F3-B995-0F817A34AAC0}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3C6E\HPDiagnosticCoreUI.exe
FirewallRules: [{02A74756-4EEF-4744-8ADF-C6FB253498D2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3CD3\HPDiagnosticCoreUI.exe
FirewallRules: [{31C00AB5-A4DB-47AA-A3F3-ED027247DEC0}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3CD3\HPDiagnosticCoreUI.exe
FirewallRules: [{4BF3DCB2-187E-492F-8244-3A4D06F4D1ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A872471A-E309-4AD6-A267-B2898FCE5373}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{693B3192-F9BA-4855-AB78-5D7D8FD28E94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{350B9366-FAD2-4AC7-84C0-18C9D1D66045}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{97EDC2A7-57DD-482C-837D-140749644DCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{9EF0576B-2BB9-4F02-9B1A-D5F590687623}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{05637EFB-1BBC-4276-B833-7D2F3D5DE8FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7A1DC40C-EABF-42E6-B6DC-48328A8FAF40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{D64480F9-538B-4C64-AA61-6673112D1FB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E1D8143A-8148-44C9-AA72-876360421017}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2E2201A8-90C2-48B8-9EE8-C603B4678F74}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8560281A-F832-4504-927D-589A591811D7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2495606D-FB0B-444D-BC21-110820ECD72B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{77B79F79-9A49-4800-A979-D2F4DA4C11AF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{AA655B55-D082-4D8E-A817-9BD7F737F5CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B2FDB950-0826-4513-8682-53218575210E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BA01E3D1-1407-4EC6-8388-890A43C34DB5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BAA32C36-C3BA-4606-B35C-0ACE20A5A23E}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4F17\HPDiagnosticCoreUI.exe
FirewallRules: [{30ABA945-3A32-4535-8579-D5DBAB00CB66}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4F17\HPDiagnosticCoreUI.exe
FirewallRules: [{6401498D-B768-4324-BAFD-80BF3E088114}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS22BD\HPDiagnosticCoreUI.exe
FirewallRules: [{6F5E2A47-2AA7-4105-BA61-DDA1124D9D1A}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS22BD\HPDiagnosticCoreUI.exe
FirewallRules: [{AB082182-ABCB-4F59-A232-DF8AEE474716}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B66D9100-1674-43DE-9D58-D8CC3DD0FF49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B53ED6F-F98A-4633-9C06-C6E3A242E397}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1730A72-A29D-4447-AA40-FE8BCBEAD72D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B04DB31-41DB-4487-AC2B-FDBBF7AEE039}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS290E\HPDiagnosticCoreUI.exe
FirewallRules: [{531C35ED-8F73-4C1C-8768-AB8ED312E56F}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS290E\HPDiagnosticCoreUI.exe
FirewallRules: [{DBBA575D-9DE9-4F9B-AACC-3C7AE27ABA84}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2D82\HPDiagnosticCoreUI.exe
FirewallRules: [{E7C63A32-0B6B-4163-B229-806EA5EB4A1F}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2D82\HPDiagnosticCoreUI.exe
FirewallRules: [{ACECE9DE-A67A-4429-95FE-14D5090C5E73}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2E2F\HPDiagnosticCoreUI.exe
FirewallRules: [{9181DE27-69AA-4448-8EAE-EF9080C2203C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2E2F\HPDiagnosticCoreUI.exe
FirewallRules: [{3A0D020F-F831-4C09-8F3F-454CB3BA7E11}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS302F\HPDiagnosticCoreUI.exe
FirewallRules: [{BB42286E-E21B-4D5F-AD8F-13521A5CAD0F}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS302F\HPDiagnosticCoreUI.exe
FirewallRules: [{508F782F-8E71-4717-A5A2-8077B0A7099A}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4560\HPDiagnosticCoreUI.exe
FirewallRules: [{D2D251D1-2544-4A9F-B87A-1C2B78A4FED7}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4560\HPDiagnosticCoreUI.exe
FirewallRules: [{4AC7374C-948B-4F18-BD39-3EBFCCC5A304}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS49D7\HPDiagnosticCoreUI.exe
FirewallRules: [{C0277A08-AED6-4121-A28A-6B0CC46178B2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS49D7\HPDiagnosticCoreUI.exe
FirewallRules: [{2E455E2E-C2AE-4A95-931A-94BEA1430E7C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4E9C\HPDiagnosticCoreUI.exe
FirewallRules: [{85D2271C-84CC-4BC2-95D6-5791F1980769}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4E9C\HPDiagnosticCoreUI.exe
FirewallRules: [{CC85730E-7D99-4D34-9FF8-ADDDE337FAFC}] => (Allow) LPort=8888
FirewallRules: [{6B3348A0-B25E-41E5-8F63-A5EAA12019B4}] => (Allow) LPort=8888
FirewallRules: [{AC627A43-CC58-404E-869E-52BC9973C2A6}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3401\HPDiagnosticCoreUI.exe
FirewallRules: [{5119067E-24B4-4AE2-ACE9-8C5BD3ADC05C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3401\HPDiagnosticCoreUI.exe
FirewallRules: [{21E7E5EB-46BA-48A2-86D2-826D6125DA0B}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3844\HPDiagnosticCoreUI.exe
FirewallRules: [{BC01D0A6-C4A8-438F-959F-699F3BFC0C88}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3844\HPDiagnosticCoreUI.exe
FirewallRules: [{71ED855A-6053-4FFB-8769-806C69E891F2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS72B7\HPDiagnosticCoreUI.exe
FirewallRules: [{66AFA6BE-6F66-4897-A745-7CD71C2B8BB3}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS72B7\HPDiagnosticCoreUI.exe
FirewallRules: [{8436071F-AAE5-44CC-883E-2E4081A919E6}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS7330\HPDiagnosticCoreUI.exe
FirewallRules: [{3DD01C2B-7590-4884-9F8B-2A08EC852E76}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS7330\HPDiagnosticCoreUI.exe
FirewallRules: [{70499D27-C3E5-43ED-A02D-17B2AC5FD784}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS1B5B\HPDiagnosticCoreUI.exe
FirewallRules: [{76F1FE90-CC87-4E5A-BA4C-C886566B5713}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS1B5B\HPDiagnosticCoreUI.exe
FirewallRules: [{6BF86859-337D-46B3-B474-0C7D75CD86F5}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4776\HPDiagnosticCoreUI.exe
FirewallRules: [{912FEA87-4499-4FEC-BDC1-5FEC9FF7A4F2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4776\HPDiagnosticCoreUI.exe
FirewallRules: [{A2C7F5A6-F115-467D-8158-6E92BCF52D97}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS53FC\HPDiagnosticCoreUI.exe
FirewallRules: [{FD023486-A5E8-45A5-9424-AE0AF33E8783}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS53FC\HPDiagnosticCoreUI.exe
FirewallRules: [{4856C702-95DB-488D-AF23-B1AE807E5337}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5B38\HPDiagnosticCoreUI.exe
FirewallRules: [{C6AC87F5-30F4-4F6D-A317-D12D6EAB060C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5B38\HPDiagnosticCoreUI.exe
FirewallRules: [{E8865B29-5DA3-47ED-8FF5-10166882F2BA}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5E1A\HPDiagnosticCoreUI.exe
FirewallRules: [{4DCD819B-4D19-47A4-841A-42102346AE12}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5E1A\HPDiagnosticCoreUI.exe
FirewallRules: [{D4F049AB-9126-4B5B-B5FA-24C2BF60B7E8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{7CC06FCA-E0FC-4FF7-8032-D9FE05AF8555}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{5A76782F-6767-4C63-B8A8-B43915D17E1B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{EBB6CBB0-2D59-42F8-B956-B980824E2611}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{AC9828D3-D2FC-427E-A3AF-AF0F1D0C4A0D}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{52451267-11F9-4070-AAA6-D82A8CE0790C}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D9637BD6-8710-4E41-B32B-583F97E1D158}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0496DDB3-1C8E-47A3-BAD4-F34B139952FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2015 12:02:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOASTER.EXE, version: 1.0.0.19, time stamp: 0x504a1338
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x24a0
Faulting application start time: 0xTOASTER.EXE0
Faulting application path: TOASTER.EXE1
Faulting module path: TOASTER.EXE2
Report Id: TOASTER.EXE3
Faulting package full name: TOASTER.EXE4
Faulting package-relative application ID: TOASTER.EXE5
 
Error: (07/24/2015 12:02:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()
 
Error: (07/24/2015 12:02:30 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
 
Error: (07/20/2015 03:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46719
 
Error: (07/20/2015 03:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46719
 
Error: (07/20/2015 03:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 03:30:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31141
 
Error: (07/20/2015 03:30:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31141
 
Error: (07/20/2015 03:30:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 03:30:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562
 
 
System errors:
=============
Error: (07/24/2015 12:17:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The OHFvaSCk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/24/2015 12:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/24/2015 12:15:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/24/2015 11:51:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
 
Error: (07/24/2015 11:51:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
 
Error: (07/24/2015 11:50:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
 
Error: (07/22/2015 05:27:15 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/22/2015 05:26:45 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/21/2015 04:46:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The OHFvaSCk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/21/2015 09:43:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (07/24/2015 12:02:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOASTER.EXE1.0.0.19504a1338KERNELBASE.dll6.3.9600.1741554504adee04343520001459824a001d0c641a16e71c9C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll88c8ebf5-3236-11e5-bf2d-a4173169e13e
 
Error: (07/24/2015 12:02:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()
 
Error: (07/24/2015 12:02:30 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
 
Error: (07/20/2015 03:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46719
 
Error: (07/20/2015 03:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46719
 
Error: (07/20/2015 03:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 03:30:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31141
 
Error: (07/20/2015 03:30:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31141
 
Error: (07/20/2015 03:30:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 03:30:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-02 04:59:28.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.372
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16344.98 MB
Available physical RAM: 13242.31 MB
Total Virtual: 19800.98 MB
Available Virtual: 16311.37 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1854.42 GB) (Free:1530.3 GB) NTFS
Drive d: (Seagate Backup Plus Drive) (Fixed) (Total:1397.26 GB) (Free:1084.12 GB) NTFS
Drive j: () (Removable) (Total:7.45 GB) (Free:0.93 GB) FAT32
Drive x: (PBR Image) (Fixed) (Total:7.11 GB) (Free:0.26 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F8549BE1)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 99EDCA75)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

Edited by dendrum, 24 July 2015 - 03:12 PM.

  • 0

Advertisements

#2
Pyxis
Posted 24 July 2015 - 11:35 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
 

There is various software loading on my computer without my permission. I am running Norton 360. I am also getting "Outbound Traffic Detected" messages every few seconds from Norton Power Eraser. If I run Power Eraser sometimes it finds things sometimes it doesn't. It continues to pop up even when I click the "Don't show this message about outbound traffic" button.


Indeed, we have a case of uninvited adware in your system.
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    Task: {16C7DD9C-B332-4980-8295-D8646F69DE8B} - System32\Tasks\WindApp Update => C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp Update.exe <==== ATTENTION
Task: {2B8C2EEF-F270-4D90-B9D2-17A2339CAC5F} - System32\Tasks\Anivlossoul => C:\ProgramData\Anivlossoul\1.0.4.1\urerroci.exe
Task: {30EC4617-34FB-4F2D-97FB-86CC94EACEA7} - System32\Tasks\Hejixurnoeina => C:\ProgramData\Hejixurnoeina\1.0.4.1\lreikuup.exe
Task: {4B487DEB-BCCD-4440-A181-91C1BBFCB535} - System32\Tasks\{BBDAAB4B-C781-4F31-8C57-7B64A2D9D5CE} => pcalua.exe -a "C:\Program Files\Unity\WebPlayer64\Uninstall.exe" -c /AllUsers
Task: {7C949D5E-1CC9-4571-844A-52F7D13F9DC8} - System32\Tasks\Emxloweeuhop => C:\ProgramData\Emxloweeuhop\1.0.4.1\llemiive.exe
Task: {9BF29BF5-CEE6-49E2-A537-8D3148EFC767} - System32\Tasks\{55E25DCD-DBAA-4273-A91A-E5FCF43E4367} => pcalua.exe -a "C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe" -c /cpanel=1
Task: {C5B7001F-0910-4D85-AD22-EAA2B6805176} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATTENTION
Task: {F8C1CEB9-70D7-4A7A-9399-9DB47142AB5D} - System32\Tasks\Selection Tools Update => C:\Users\Phil\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe
2012-11-21 15:40 - 2012-11-21 15:40 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-21 15:38 - 2012-11-21 15:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-21 15:39 - 2012-11-21 15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-21 15:38 - 2012-11-21 15:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-21 15:39 - 2012-11-21 15:40 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2015-07-16 11:12 - 2015-07-24 12:26 - 0000024 _____ () C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-05-02 19:24 - 2015-05-02 19:24 - 0000078 _____ () C:\Users\Phil\AppData\Roaming\Selection Tools.installation.log
2015-05-02 20:13 - 2015-05-05 16:13 - 0000122 _____ () C:\Users\Phil\AppData\Roaming\WB.CFG
2015-05-02 19:24 - 2015-05-02 19:24 - 0000078 _____ () C:\Users\Phil\AppData\Roaming\WindApp.installation.log
2015-05-04 09:13 - 2015-05-04 09:13 - 0000001 _____ () C:\Users\Phil\AppData\Local\DSI.DAT
2015-06-24 12:45 - 2015-06-04 14:40 - 00000000 ____D C:\ProgramData\Browser
2015-07-13 14:47 - 2015-05-04 07:59 - 00000000 ____D C:\Users\Phil\AppData\Roaming\4C4C4544-1430751556-5110-8058-B2C04F595631
2015-07-20 08:57 - 2015-05-31 15:36 - 00003456 _____ C:\WINDOWS\System32\Tasks\Anivlossoul
2015-07-20 08:57 - 2015-05-31 15:35 - 00000000 ____D C:\ProgramData\Anivlossoul
2015-07-22 03:56 - 2015-05-05 17:55 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v17.337
2015-07-07 10:23 - 2015-07-13 10:23 - 00000000 ____D C:\ProgramData\{f7337fc4-49c7-f688-f733-37fc449cff11}
2015-07-08 22:23 - 2015-07-13 10:23 - 00000000 ____D C:\ProgramData\{00bdd403-bc7e-86ba-00bd-dd403bc7500e}2015-07-13 10:24 - 2015-07-13 10:24 - 00000000 ____D C:\ProgramData\{0ed2f2fd-7b33-a08a-0ed2-2f2fd7b3cbf5}
2015-07-11 15:46 - 2015-07-11 15:46 - 00000000 _____ C:\Users\water_000\Downloads\Sony vaio pcg 7a2l manual_10924_i31600654_il345.exe
2015-07-17 09:50 - 2015-07-17 09:50 - 00001978 _____ C:\Users\Public\Desktop\installconverter.lnk
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installconverter
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\Program Files (x86)\installconverter
2015-07-16 17:32 - 2015-07-17 14:56 - 00000000 ____D C:\ProgramData\{735cba4e-c13f-4ff6-735c-cba4ec13e93b}
2015-07-16 11:12 - 2015-07-24 12:26 - 00000024 _____ C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\ProgramData\16052110461454905088
2015-07-24 12:06 - 2015-07-24 12:06 - 00003460 _____ C:\WINDOWS\System32\Tasks\Hejixurnoeina
2015-07-24 12:06 - 2015-07-24 12:06 - 00000000 ____D C:\ProgramData\Hejixurnoeina
2015-07-24 12:01 - 2015-07-24 12:17 - 00000000 ____D C:\ProgramData\YOAaBpD
2015-07-21 09:23 - 2015-07-21 09:23 - 00003458 _____ C:\WINDOWS\System32\Tasks\Emxloweeuhop
2015-07-21 09:23 - 2015-07-21 09:23 - 00000000 ____D C:\ProgramData\Emxloweeuhop
2015-07-21 09:16 - 2015-07-21 09:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Emxloweeuhop
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
CHR Extension: (WhITeCooupOn) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb [2015-07-16]
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-429698863-2004191768-778224894-1001 -> {8B168543-94E9-4380-88EF-DC062271DA93} URL = 
BHO: No Name -> {51BF1FA0-6E1E-438F-BC36-ED018407761E} ->  No File
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AppInit_DLLs-x32: C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll => "C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll" File not found
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros -tray
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Bubble Dock] => "C:\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [WindApp] => "C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Selection Tools] => "C:\Users\Phil\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKLM-x32\...\RunOnce: [MaxComputerCleaner_v17.337] => C:\Program Files (x86)\MaxComputerCleaner_v17.337\MaxComputerCleaner_Maintenance.exe [29160 2015-04-29] ()
HKLM-x32\...\Run: [] => [X]
C:\Users\Phil\AppData\Roaming\Store\WindApp
C:\Users\Phil\AppData\Roaming\Nosibay
C:\Program Files (x86)\Max Computer Cleaner
C:\Program Files (x86)\MaxComputerCleaner_v17.337
C:\Users\Phil\AppData\Roaming\WTools

EmptyTemp:
    • Run your copy of FRST. It is important to ensure it is located in your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)

  • 0

#3
dendrum
Posted 25 July 2015 - 09:21 AM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

HI Pyxis,

 

Thanks for your help with this!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Phil at 2015-07-25 08:05:42 Run:2
Running from C:\Users\Phil\Desktop
Loaded Profiles: Phil (Available Profiles: Phil & camac_000 & water_000 & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {16C7DD9C-B332-4980-8295-D8646F69DE8B} - System32\Tasks\WindApp Update => C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp Update.exe <==== ATTENTION
Task: {2B8C2EEF-F270-4D90-B9D2-17A2339CAC5F} - System32\Tasks\Anivlossoul => C:\ProgramData\Anivlossoul\1.0.4.1\urerroci.exe
Task: {30EC4617-34FB-4F2D-97FB-86CC94EACEA7} - System32\Tasks\Hejixurnoeina => C:\ProgramData\Hejixurnoeina\1.0.4.1\lreikuup.exe
Task: {4B487DEB-BCCD-4440-A181-91C1BBFCB535} - System32\Tasks\{BBDAAB4B-C781-4F31-8C57-7B64A2D9D5CE} => pcalua.exe -a "C:\Program
Files\Unity\WebPlayer64\Uninstall.exe" -c /AllUsers
Task: {7C949D5E-1CC9-4571-844A-52F7D13F9DC8} - System32\Tasks\Emxloweeuhop => C:\ProgramData\Emxloweeuhop\1.0.4.1\llemiive.exe
Task: {9BF29BF5-CEE6-49E2-A537-8D3148EFC767} - System32\Tasks\{55E25DCD-DBAA-4273-A91A-E5FCF43E4367} => pcalua.exe -a "C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe" -c /cpanel=1
Task: {C5B7001F-0910-4D85-AD22-EAA2B6805176} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATTENTION
Task: {F8C1CEB9-70D7-4A7A-9399-9DB47142AB5D} - System32\Tasks\Selection Tools Update => C:\Users\Phil\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe
2012-11-21 15:40 - 2012-11-21 15:40 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-21 15:38 - 2012-11-21 15:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-21 15:39 - 2012-11-21
15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-21 15:38 - 2012-11-21 15:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-21 15:39 - 2012-11-21 15:40 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2015-07-16 11:12 - 2015-07-24 12:26 - 0000024 _____ () C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-05-02 19:24 - 2015-05-02 19:24 - 0000078 _____ () C:\Users\Phil\AppData\Roaming\Selection Tools.installation.log
2015-05-02 20:13 - 2015-05-05 16:13 - 0000122 _____ () C:\Users\Phil\AppData\Roaming\WB.CFG
2015-05-02 19:24 - 2015-05-02 19:24 - 0000078 _____ () C:\Users\Phil\AppData\Roaming\WindApp.installation.log
2015-05-04 09:13 - 2015-05-04 09:13 - 0000001 _____ () C:\Users\Phil\AppData\Local\DSI.DAT
2015-06-24 12:45 - 2015-06-04 14:40 - 00000000 ____D C:\ProgramData\Browser
2015-07-13 14:47 - 2015-05-04 07:59 - 00000000 ____D
C:\Users\Phil\AppData\Roaming\4C4C4544-1430751556-5110-8058-B2C04F595631
2015-07-20 08:57 - 2015-05-31 15:36 - 00003456 _____ C:\WINDOWS\System32\Tasks\Anivlossoul
2015-07-20 08:57 - 2015-05-31 15:35 - 00000000 ____D C:\ProgramData\Anivlossoul
2015-07-22 03:56 - 2015-05-05 17:55 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v17.337
2015-07-07 10:23 - 2015-07-13 10:23 - 00000000 ____D C:\ProgramData\{f7337fc4-49c7-f688-f733-37fc449cff11}
2015-07-08 22:23 - 2015-07-13 10:23 - 00000000 ____D C:\ProgramData\{00bdd403-bc7e-86ba-00bd-dd403bc7500e}2015-07-13 10:24 - 2015-07-13 10:24 - 00000000 ____D C:\ProgramData\{0ed2f2fd-7b33-a08a-0ed2-2f2fd7b3cbf5}
2015-07-11 15:46 - 2015-07-11 15:46 - 00000000 _____ C:\Users\water_000\Downloads\Sony vaio pcg 7a2l manual_10924_i31600654_il345.exe
2015-07-17 09:50 - 2015-07-17 09:50 - 00001978 _____ C:\Users\Public\Desktop\installconverter.lnk
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\installconverter
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\Program Files (x86)\installconverter
2015-07-16 17:32 - 2015-07-17 14:56 - 00000000 ____D C:\ProgramData\{735cba4e-c13f-4ff6-735c-cba4ec13e93b}
2015-07-16 11:12 - 2015-07-24 12:26 - 00000024 _____ C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\ProgramData\16052110461454905088
2015-07-24 12:06 - 2015-07-24 12:06 - 00003460 _____ C:\WINDOWS\System32\Tasks\Hejixurnoeina
2015-07-24 12:06 - 2015-07-24 12:06 - 00000000 ____D C:\ProgramData\Hejixurnoeina
2015-07-24 12:01 - 2015-07-24 12:17 - 00000000 ____D C:\ProgramData\YOAaBpD
2015-07-21 09:23 - 2015-07-21 09:23 - 00003458 _____ C:\WINDOWS\System32\Tasks\Emxloweeuhop
2015-07-21 09:23 - 2015-07-21 09:23 - 00000000 ____D C:\ProgramData\Emxloweeuhop
2015-07-21 09:16 - 2015-07-21 09:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Emxloweeuhop
S2 gupdate; "C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
CHR Extension: (WhITeCooupOn) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb [2015-07-16]
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-429698863-2004191768-778224894-1001 -> {8B168543-94E9-4380-88EF-DC062271DA93} URL = 
BHO: No Name -> {51BF1FA0-6E1E-438F-BC36-ED018407761E} ->  No File
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <=======
ATTENTION
AppInit_DLLs-x32: C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll => "C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll" File not found
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros -tray
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Bubble Dock] => "C:\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [WindApp] => "C:\Users\Phil\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Selection Tools] => "C:\Users\Phil\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKLM-x32\...\RunOnce: [MaxComputerCleaner_v17.337] => C:\Program Files (x86)\MaxComputerCleaner_v17.337\MaxComputerCleaner_Maintenance.exe [29160 2015-04-29] ()
HKLM-x32\...\Run: [] => [X]
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16C7DD9C-B332-4980-8295-D8646F69DE8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16C7DD9C-B332-4980-8295-D8646F69DE8B}" => key removed successfully
C:\Windows\System32\Tasks\WindApp Update => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2B8C2EEF-F270-4D90-B9D2-17A2339CAC5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B8C2EEF-F270-4D90-B9D2-17A2339CAC5F}" => key removed successfully
C:\Windows\System32\Tasks\Anivlossoul => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anivlossoul" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{30EC4617-34FB-4F2D-97FB-86CC94EACEA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30EC4617-34FB-4F2D-97FB-86CC94EACEA7}" => key removed successfully
C:\Windows\System32\Tasks\Hejixurnoeina => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hejixurnoeina" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B487DEB-BCCD-4440-A181-91C1BBFCB535}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B487DEB-BCCD-4440-A181-91C1BBFCB535}" => key removed successfully
C:\Windows\System32\Tasks\{BBDAAB4B-C781-4F31-8C57-7B64A2D9D5CE} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBDAAB4B-C781-4F31-8C57-7B64A2D9D5CE}" => key removed successfully
Files\Unity\WebPlayer64\Uninstall.exe" -c /AllUsers => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7C949D5E-1CC9-4571-844A-52F7D13F9DC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C949D5E-1CC9-4571-844A-52F7D13F9DC8}" => key removed successfully
C:\Windows\System32\Tasks\Emxloweeuhop => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Emxloweeuhop" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BF29BF5-CEE6-49E2-A537-8D3148EFC767}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BF29BF5-CEE6-49E2-A537-8D3148EFC767}" => key removed successfully
C:\Windows\System32\Tasks\{55E25DCD-DBAA-4273-A91A-E5FCF43E4367} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55E25DCD-DBAA-4273-A91A-E5FCF43E4367}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5B7001F-0910-4D85-AD22-EAA2B6805176}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B7001F-0910-4D85-AD22-EAA2B6805176}" => key removed successfully
C:\Windows\System32\Tasks\MaxComputerCleaner_Start => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxComputerCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8C1CEB9-70D7-4A7A-9399-9DB47142AB5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8C1CEB9-70D7-4A7A-9399-9DB47142AB5D}" => key removed successfully
C:\Windows\System32\Tasks\Selection Tools Update => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update" => key removed successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully.
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully.
"2012-11-21 15:39 - 2012-11-21" => File/Folder not found.
15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => Error: No automatic fix found for this entry.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully.
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully.
C:\Users\Phil\AppData\Roaming\appdataFr25.bin => moved successfully.
C:\Users\Phil\AppData\Roaming\Selection Tools.installation.log => moved successfully.
C:\Users\Phil\AppData\Roaming\WB.CFG => moved successfully.
C:\Users\Phil\AppData\Roaming\WindApp.installation.log => moved successfully.
C:\Users\Phil\AppData\Local\DSI.DAT => moved successfully.
C:\ProgramData\Browser => moved successfully.
"2015-07-13 14:47 - 2015-05-04 07:59 - 00000000 ____D" => File/Folder not found.
C:\Users\Phil\AppData\Roaming\4C4C4544-1430751556-5110-8058-B2C04F595631 => moved successfully.
"C:\WINDOWS\System32\Tasks\Anivlossoul" => File/Folder not found.
C:\ProgramData\Anivlossoul => moved successfully.
C:\Program Files (x86)\MaxComputerCleaner_v17.337 => moved successfully.
C:\ProgramData\{f7337fc4-49c7-f688-f733-37fc449cff11} => moved successfully.
C:\ProgramData\{0ed2f2fd-7b33-a08a-0ed2-2f2fd7b3cbf5} => moved successfully.
C:\Users\water_000\Downloads\Sony vaio pcg 7a2l manual_10924_i31600654_il345.exe => moved successfully.
C:\Users\Public\Desktop\installconverter.lnk => moved successfully.
"C:\ProgramData\Microsoft\Windows\Start" => File/Folder not found.
Menu\Programs\installconverter => Error: No automatic fix found for this entry.
C:\Program Files (x86)\installconverter => moved successfully.
C:\ProgramData\{735cba4e-c13f-4ff6-735c-cba4ec13e93b} => moved successfully.
"C:\Users\Phil\AppData\Roaming\appdataFr25.bin" => File/Folder not found.
C:\ProgramData\16052110461454905088 => moved successfully.
"C:\WINDOWS\System32\Tasks\Hejixurnoeina" => File/Folder not found.
C:\ProgramData\Hejixurnoeina => moved successfully.
C:\ProgramData\YOAaBpD => moved successfully.
"C:\WINDOWS\System32\Tasks\Emxloweeuhop" => File/Folder not found.
C:\ProgramData\Emxloweeuhop => moved successfully.
C:\WINDOWS\SysWOW64\Emxloweeuhop => moved successfully.
gupdate => service removed successfully
(x86)\Google\Update\GoogleUpdate.exe" /svc [X] => Error: No automatic fix found for this entry.
gupdatem => service removed successfully
C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb => moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => key removed successfully
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => key not found. 
"HKU\S-1-5-21-429698863-2004191768-778224894-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B168543-94E9-4380-88EF-DC062271DA93}" => key removed successfully
HKCR\CLSID\{8B168543-94E9-4380-88EF-DC062271DA93} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51BF1FA0-6E1E-438F-BC36-ED018407761E}" => key removed successfully
HKCR\CLSID\{51BF1FA0-6E1E-438F-BC36-ED018407761E} => key not found. 
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1005\User => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1004\User => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-429698863-2004191768-778224894-1001\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"C:\PROGRA~3\{83A36~1\1170~1.1\rasi.dll" => value data removed successfully.
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DesktopSearch => value removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bubble Dock => value removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Selection Tools => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\MaxComputerCleaner_v17.337 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:05:43 ====
 
# AdwCleaner v4.208 - Logfile created 25/07/2015 at 08:14:49
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Phil - EDEEN
# Running from : C:\Users\Phil\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\DesktopSearch
Folder Deleted : C:\ProgramData\radio
Folder Deleted : C:\ProgramData\{00bdd403-bc7e-86ba-00bd-dd403bc7500e}
Folder Deleted : C:\Program Files (x86)\PriCeeLLess
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\speed browser
Folder Deleted : C:\Users\camac_000\AppData\Local\SearchProtect
Folder Deleted : C:\Users\camac_000\AppData\Local\speed browser
Folder Deleted : C:\Users\camac_000\AppData\Local\WebBar
Folder Deleted : C:\Users\camac_000\AppData\Local\DesktopSearch
Folder Deleted : C:\Users\Guest\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Phil\AppData\Local\speed browser
Folder Deleted : C:\Users\Phil\AppData\Local\4C4C4544-1430726398-5110-8058-B2C04F595631
Folder Deleted : C:\Users\Phil\AppData\Local\4C4C4544-1430726536-5110-8058-B2C04F595631
Folder Deleted : C:\Users\Phil\AppData\Local\4C4C4544-1430726552-5110-8058-B2C04F595631
Folder Deleted : C:\Users\Phil\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Phil\AppData\Roaming\Store
Folder Deleted : C:\Users\Phil\AppData\Roaming\WTools
Folder Deleted : C:\Users\Phil\Documents\MaxComputerCleaner
Folder Deleted : C:\Users\water_000\AppData\Local\SearchProtect
Folder Deleted : C:\Users\water_000\AppData\Local\speed browser
Folder Deleted : C:\Users\water_000\AppData\Local\WebBar
Folder Deleted : C:\Users\water_000\AppData\Local\DesktopSearch
Folder Deleted : C:\Users\water_000\AppData\Roaming\ShopAtHome
Folder Deleted : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Folder Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Folder Deleted : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
Folder Deleted : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
Folder Deleted : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
Folder Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
Folder Deleted : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
[/!\] Not Deleted ( Junction ) : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
[/!\] Not Deleted ( Junction ) : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
[/!\] Not Deleted ( Junction ) : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecigmildlphgmpcdblpbbgcecgibjbb
[/!\] Not Deleted ( Junction ) : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
[/!\] Not Deleted ( Junction ) : C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
Folder Deleted : C:\ProgramData\aipgeegemjepjchnkdepadfbhbnkmmce
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfkjojacgdjkninepeghaamnapdjmlfn_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hbepadcdhpahlikldbochnhfleejiokp_0.localstorage
File Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hbepadcdhpahlikldbochnhfleejiokp_0.localstorage-journal
File Deleted : C:\Users\camac_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\water_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_taplika.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9A44AB5B-B488-42A3-8D2B-7A0DA772F3A4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\MaxComputerCleanerLanguage
Key Deleted : HKCU\Software\RapidMediaConverterApp
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\EZ Software Updater
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKU\.DEFAULT\Software\PCTechHotline
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP8F42E7FB-FDA8-49EA-8BA5-43DBAB2DC2E5&q={searchTerms}&SSPV=
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\camac_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP8F42E7FB-FDA8-49EA-8BA5-43DBAB2DC2E5&SSPV=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://taplika.com/?f=1&a=&cd=&cr=&ir=
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP8F42E7FB-FDA8-49EA-8BA5-43DBAB2DC2E5&q={searchTerms}&SSPV=
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : aecigmildlphgmpcdblpbbgcecgibjbb
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hbepadcdhpahlikldbochnhfleejiokp
[C:\Users\water_000\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP8F42E7FB-FDA8-49EA-8BA5-43DBAB2DC2E5&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [14396 bytes] - [25/07/2015 08:13:21]
AdwCleaner[S0].txt - [13528 bytes] - [25/07/2015 08:14:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13588  bytes] ##########
 
 
Please let me know what else I need to do.
 
Thanks again!

  • 0

#4
Pyxis
Posted 25 July 2015 - 09:50 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Thanks for your help with this! Please let me know what else I need to do.


You are welcome! :) How is your computer doing? As you can see, we have removed a lot of bad files so performance should be a bit better. A few more steps and you should be good to go.
  • Step 1

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

  • 0

#5
dendrum
Posted 25 July 2015 - 01:58 PM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Pyxis,

 

I have done as you instructed.  The files are below.

 

Thanks again for your help!

 

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
 Google Chrome (GoogleUpdateHelper.dll..) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Phil on Sat 07/25/2015 at 12:01:25.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\appdataFr25.bin
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Phil\Appdata\Local\crashrpt
 
 
 
~~~ Chrome
 
 
[C:\Users\Phil\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Phil\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Phil\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Phil\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ogminpmldncgcmokldnmmapddoccmhfl
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/25/2015 at 12:06:14.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/25/2015
Scan Time: 12:17 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.25.03
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Phil
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 527433
Time Elapsed: 23 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.Taplika.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Taplika\\, Quarantined, [33c4ffe67e0cc96d475413fac043af51]
 
Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-429698863-2004191768-778224894-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.condui...bab2dc2e5&sspv=, Good: (www.google.com), Bad: (http://search.condui...bab2dc2e5&sspv=),Replaced,[32c5e9fc7e0c0b2b551e83aff60ff40c]
 
Folders: 0
(No malicious items detected)
 
Files: 18
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RI5DPSV.exe, Quarantined, [27d011d4f3976ec8db436906996ce51b], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RIMUVEV.exe, Quarantined, [b344598ca3e7f343b767006f7f86867a], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$R75F05E.exe, Quarantined, [3dbadd08e0aa8aacd44adf9040c510f0], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RWCH3ZX.exe, Quarantined, [27d0766fe7a3d165011d9fd04db8ac54], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$R8UZRFJ.exe, Quarantined, [d62150957119ee48001ecea13ec712ee], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$R33GF3X.exe, Quarantined, [14e3a73ed7b3f54135e9de913ec760a0], 
PUP.Optional.Boost.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RQ79AMA.dll, Quarantined, [67901bcaee9c58de5313da95aa5b33cd], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RQXLULB.exe, Quarantined, [3abd885d2b5f6ec8c757dc9311f4df21], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RQZHIA9.exe, Quarantined, [ea0deef7533790a65ec07df2788d768a], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RRKCUI5.exe, Quarantined, [c5322eb70c7e41f550ceb3bc0ef70af6], 
PUP.Optional.Boost.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RGAGJ73.exe, Quarantined, [c82f53926d1dd26498cebbb457ae32ce], 
PUP.Optional.Boost.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$R98T8WO.dll, Quarantined, [1fd8faebe0aa290d0a5c5f107392d828], 
PUP.Optional.Nosibay.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RD3V5GW.exe, Quarantined, [47b0d510a0ea7abc67b7195664a1ce32], 
PUP.Optional.Boost.A, C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$RMEAGD8.dll, Quarantined, [ce2934b162282412b0b6303f41c47987], 
PUP.Optional.Mindspark.A, C:\Users\Guest\Downloads\FromDocToPDF.exe, Quarantined, [20d78f567e0cb2848c7619d8c93b619f], 
PUP.Optional.Mindspark.A, C:\Users\water_000\Downloads\FromDocToPDFSetup2.5.14.33.pd^Y6^xdm003^YYA^us.CNXUpoqJzrkCFc57QgodqkQAgQ.exe, Quarantined, [ca2d9a4b305a57df4d0b8ae535d045bb], 
PUP.Optional.DealPly, C:\Users\Phil\AppData\Local\35482484\rasi.dll, Quarantined, [1cdb0adb3159053104aed3daff0213ed], 
PUP.Optional.Taplika.C, C:\Users\Phil\AppData\LocalLow\Microsoft\Internet Explorer\Services\WSE_Taplika.ico, Quarantined, [55a250958604072fa5ea67a69d66b54b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#6
Pyxis
Posted 25 July 2015 - 08:05 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Could you visit chrome://version on Google Chrome and post back the results here? How is your computer doing?
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Java Runtime Environment -- Update
    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      nvMhqop.png

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, select List of found threats > Export to text file....
    • Press Back and put a check on the following:
      • Uninstall application on close
      • Delete quarantined files
    • Click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Run your copy of Farbar Recovery Scan Tool by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • log.txt (ESET Online Scan)

  • 0

#7
dendrum
Posted 26 July 2015 - 12:10 PM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks Pyxis!  In terms of the computer, I am still having an issue with "Outbound Traffic Detected"  messages frequently from Norton Power Eraser.  When I first logged on this morning I had this message 10 times in less than 5 minutes.   I also have a program that asks me to register everytime I reboot.  The name of the program is 

"Origin" form Electronic Arts Entertainment.  Below are the files asked for:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Phil at 2015-07-26 11:00:24
Running from C:\Users\Phil\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-429698863-2004191768-778224894-500 - Administrator - Disabled)
camac_000 (S-1-5-21-429698863-2004191768-778224894-1004 - Limited - Enabled) => C:\Users\camac_000
Guest (S-1-5-21-429698863-2004191768-778224894-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-429698863-2004191768-778224894-1008 - Limited - Enabled)
Phil (S-1-5-21-429698863-2004191768-778224894-1001 - Administrator - Enabled) => C:\Users\Phil
UpdatusUser (S-1-5-21-429698863-2004191768-778224894-1006 - Limited - Enabled)
water_000 (S-1-5-21-429698863-2004191768-778224894-1005 - Limited - Enabled) => C:\Users\water_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Amazon Kindle) (Version:  - Amazon)
Any DVD Cloner Platinum 1.3.1 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Bigasoft iTunes Video Converter 4.2.2.5206 (HKLM-x32\...\{83340D90-BB65-4969-8C4E7FABC6319CDA}_is1) (Version:  - Bigasoft Corporation)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.1 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.1 - Sigma Elektro GmbH) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Flixster (HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\57554551bac4f5b1) (Version: 2.1.0.282 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA 3D Vision Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.60 - NVIDIA Corporation)
NVIDIA Graphics Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SAM Animation 1.5.4 (HKLM-x32\...\SAM Animation 1.5.4 1.5.4.0) (Version: 1.5.4.0 - iCreate to Educate, Inc.)
SAM Animation 1.5.4 (x32 Version: 1.5.4.0 - iCreate to Educate, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigma Data Center 3.0 (HKLM-x32\...\Sigma Data Center3.0) (Version: 3.0 - Sigma Elektro GmbH)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SonicWALL Global VPN Client (HKLM\...\{4A6C8E4B-A2A1-44E3-8AEF-8D7A471D07BA}) (Version: 4.8.6 - SonicWALL)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Windows Driver Package - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\72BE00E857D6F4F2018C51300C130B652C40D203) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-07-2015 17:25:15 Windows Update
15-07-2015 03:34:37 Windows Update
16-07-2015 10:36:02 Norton_Power_Eraser_20150716103602039
20-07-2015 08:57:38 Norton_Power_Eraser_20150720085735810
21-07-2015 09:15:06 Norton_Power_Eraser_20150721091506626
24-07-2015 12:08:15 Norton_Power_Eraser_20150724120814477
26-07-2015 08:55:28 Removed Java 7 Update 60
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {123FF570-53CF-421B-91A6-B766D04971FD} - System32\Tasks\HP AR Program Upload - 87f5a309db7144bf9c476c44d63c319eeb574d8bc3274707b43c0507fe8c0ca4 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {3EB4B9E5-6810-4B78-BC40-01EE5894A85A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F114411-AD26-4F9E-BB9F-CAAFEA3223B2} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {50B1E6FD-48B2-4EAE-ADF0-4FAE46E0EABB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {513FEEC8-C62A-455A-87E5-4B9A29B94E24} - System32\Tasks\Phil Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {67702E21-198A-4F9C-8CD0-5652B7658E84} - System32\Tasks\Phil DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {7E210760-64FF-46C8-BA03-CEC373A816B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {9EBFCA5D-DC10-4E91-81E0-DD21E97D1479} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AFDC91DE-05E9-4EFF-A3A9-F017A3C175F1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {BB2D2891-06A2-40A9-99CC-D2C8F131B67D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {CE9C6202-E9B8-4F5C-99B3-62BF4D6D8C03} - System32\Tasks\Phil => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {D3506AB5-43C3-458D-A155-A18DB7CE4A1A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {D3C487BB-76B5-457B-90B9-968E800D3AB8} - System32\Tasks\HP AR Program Upload - 5bf23fee4b0a4a41abf49ffa45402cee7d1a0c34bd924226b30ed41b08347264 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DE99E14F-19F4-40B7-8010-1F5318D938C1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F578ACB6-7CDF-4A5F-8336-64CBB06351F2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {FAF75B22-5424-4880-96BB-21190C1529EC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-21 15:39 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-02 18:28 - 2012-07-02 18:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-06-28 14:39 - 2012-06-28 14:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2012-11-21 15:38 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-14 09:58 - 2015-07-13 14:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 09:58 - 2015-07-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2014-10-16 11:55 - 2014-10-16 11:55 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-11-21 15:41 - 2012-09-12 20:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-11-21 15:41 - 2012-08-06 09:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-11-21 15:41 - 2012-08-06 09:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-11-21 15:33 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\camac_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\water_000\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 CHROME 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{49090FEF-E3AC-4079-B241-EEEEFABB18B8}] => (Allow) LPort=1900
FirewallRules: [{89E7DB5A-F745-43C9-B300-EFE6A150EF50}] => (Allow) LPort=2869
FirewallRules: [{5667A035-F721-4114-8368-8BE579116B80}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{2E1A8FCB-1619-4FA6-AF88-222FB8AB20B9}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{8ED13836-C6D4-4671-B22D-ECA97B9447AF}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{D49056E1-B32B-45FC-977B-D40ED244858E}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{5CE70431-EBDF-45F4-90A7-4BF9E71742E3}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [{30C53404-F2D2-4E65-BE0F-4515854ED382}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8DD0699E-F59A-447A-B260-039076826CF6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{77119BA8-E586-4C0F-8F52-98647A916435}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5F6AC280-75DE-47C5-B181-8C1EC3E5F0D0}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{21F0DFA3-2685-46E2-974B-1AD8F6CF20B8}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{88C2CC7B-4E75-4AFD-9F09-60355F6368E4}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{A2CD3756-5175-46ED-BFA9-741DA44AA61A}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{10BE750A-D5EC-4622-B513-1C1EACF6C599}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4ADB\HPDiagnosticCoreUI.exe
FirewallRules: [{FFD89609-F743-4149-A52D-FDC610BDD70C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4ADB\HPDiagnosticCoreUI.exe
FirewallRules: [{EA8937AD-0C9B-4B0E-BFDC-81B1F0F89512}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3C6E\HPDiagnosticCoreUI.exe
FirewallRules: [{77FAC67C-8412-47F3-B995-0F817A34AAC0}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3C6E\HPDiagnosticCoreUI.exe
FirewallRules: [{02A74756-4EEF-4744-8ADF-C6FB253498D2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3CD3\HPDiagnosticCoreUI.exe
FirewallRules: [{31C00AB5-A4DB-47AA-A3F3-ED027247DEC0}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3CD3\HPDiagnosticCoreUI.exe
FirewallRules: [{4BF3DCB2-187E-492F-8244-3A4D06F4D1ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A872471A-E309-4AD6-A267-B2898FCE5373}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{693B3192-F9BA-4855-AB78-5D7D8FD28E94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{350B9366-FAD2-4AC7-84C0-18C9D1D66045}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{97EDC2A7-57DD-482C-837D-140749644DCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{9EF0576B-2BB9-4F02-9B1A-D5F590687623}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{05637EFB-1BBC-4276-B833-7D2F3D5DE8FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7A1DC40C-EABF-42E6-B6DC-48328A8FAF40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{D64480F9-538B-4C64-AA61-6673112D1FB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E1D8143A-8148-44C9-AA72-876360421017}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2E2201A8-90C2-48B8-9EE8-C603B4678F74}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8560281A-F832-4504-927D-589A591811D7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2495606D-FB0B-444D-BC21-110820ECD72B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{77B79F79-9A49-4800-A979-D2F4DA4C11AF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{AA655B55-D082-4D8E-A817-9BD7F737F5CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B2FDB950-0826-4513-8682-53218575210E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BA01E3D1-1407-4EC6-8388-890A43C34DB5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BAA32C36-C3BA-4606-B35C-0ACE20A5A23E}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4F17\HPDiagnosticCoreUI.exe
FirewallRules: [{30ABA945-3A32-4535-8579-D5DBAB00CB66}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4F17\HPDiagnosticCoreUI.exe
FirewallRules: [{6401498D-B768-4324-BAFD-80BF3E088114}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS22BD\HPDiagnosticCoreUI.exe
FirewallRules: [{6F5E2A47-2AA7-4105-BA61-DDA1124D9D1A}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS22BD\HPDiagnosticCoreUI.exe
FirewallRules: [{AB082182-ABCB-4F59-A232-DF8AEE474716}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B66D9100-1674-43DE-9D58-D8CC3DD0FF49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B53ED6F-F98A-4633-9C06-C6E3A242E397}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1730A72-A29D-4447-AA40-FE8BCBEAD72D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B04DB31-41DB-4487-AC2B-FDBBF7AEE039}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS290E\HPDiagnosticCoreUI.exe
FirewallRules: [{531C35ED-8F73-4C1C-8768-AB8ED312E56F}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS290E\HPDiagnosticCoreUI.exe
FirewallRules: [{DBBA575D-9DE9-4F9B-AACC-3C7AE27ABA84}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2D82\HPDiagnosticCoreUI.exe
FirewallRules: [{E7C63A32-0B6B-4163-B229-806EA5EB4A1F}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2D82\HPDiagnosticCoreUI.exe
FirewallRules: [{ACECE9DE-A67A-4429-95FE-14D5090C5E73}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2E2F\HPDiagnosticCoreUI.exe
FirewallRules: [{9181DE27-69AA-4448-8EAE-EF9080C2203C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS2E2F\HPDiagnosticCoreUI.exe
FirewallRules: [{3A0D020F-F831-4C09-8F3F-454CB3BA7E11}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS302F\HPDiagnosticCoreUI.exe
FirewallRules: [{BB42286E-E21B-4D5F-AD8F-13521A5CAD0F}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS302F\HPDiagnosticCoreUI.exe
FirewallRules: [{508F782F-8E71-4717-A5A2-8077B0A7099A}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4560\HPDiagnosticCoreUI.exe
FirewallRules: [{D2D251D1-2544-4A9F-B87A-1C2B78A4FED7}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4560\HPDiagnosticCoreUI.exe
FirewallRules: [{4AC7374C-948B-4F18-BD39-3EBFCCC5A304}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS49D7\HPDiagnosticCoreUI.exe
FirewallRules: [{C0277A08-AED6-4121-A28A-6B0CC46178B2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS49D7\HPDiagnosticCoreUI.exe
FirewallRules: [{2E455E2E-C2AE-4A95-931A-94BEA1430E7C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4E9C\HPDiagnosticCoreUI.exe
FirewallRules: [{85D2271C-84CC-4BC2-95D6-5791F1980769}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4E9C\HPDiagnosticCoreUI.exe
FirewallRules: [{CC85730E-7D99-4D34-9FF8-ADDDE337FAFC}] => (Allow) LPort=8888
FirewallRules: [{6B3348A0-B25E-41E5-8F63-A5EAA12019B4}] => (Allow) LPort=8888
FirewallRules: [{AC627A43-CC58-404E-869E-52BC9973C2A6}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3401\HPDiagnosticCoreUI.exe
FirewallRules: [{5119067E-24B4-4AE2-ACE9-8C5BD3ADC05C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3401\HPDiagnosticCoreUI.exe
FirewallRules: [{21E7E5EB-46BA-48A2-86D2-826D6125DA0B}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3844\HPDiagnosticCoreUI.exe
FirewallRules: [{BC01D0A6-C4A8-438F-959F-699F3BFC0C88}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS3844\HPDiagnosticCoreUI.exe
FirewallRules: [{71ED855A-6053-4FFB-8769-806C69E891F2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS72B7\HPDiagnosticCoreUI.exe
FirewallRules: [{66AFA6BE-6F66-4897-A745-7CD71C2B8BB3}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS72B7\HPDiagnosticCoreUI.exe
FirewallRules: [{8436071F-AAE5-44CC-883E-2E4081A919E6}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS7330\HPDiagnosticCoreUI.exe
FirewallRules: [{3DD01C2B-7590-4884-9F8B-2A08EC852E76}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS7330\HPDiagnosticCoreUI.exe
FirewallRules: [{70499D27-C3E5-43ED-A02D-17B2AC5FD784}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS1B5B\HPDiagnosticCoreUI.exe
FirewallRules: [{76F1FE90-CC87-4E5A-BA4C-C886566B5713}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS1B5B\HPDiagnosticCoreUI.exe
FirewallRules: [{6BF86859-337D-46B3-B474-0C7D75CD86F5}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4776\HPDiagnosticCoreUI.exe
FirewallRules: [{912FEA87-4499-4FEC-BDC1-5FEC9FF7A4F2}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS4776\HPDiagnosticCoreUI.exe
FirewallRules: [{A2C7F5A6-F115-467D-8158-6E92BCF52D97}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS53FC\HPDiagnosticCoreUI.exe
FirewallRules: [{FD023486-A5E8-45A5-9424-AE0AF33E8783}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS53FC\HPDiagnosticCoreUI.exe
FirewallRules: [{4856C702-95DB-488D-AF23-B1AE807E5337}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5B38\HPDiagnosticCoreUI.exe
FirewallRules: [{C6AC87F5-30F4-4F6D-A317-D12D6EAB060C}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5B38\HPDiagnosticCoreUI.exe
FirewallRules: [{E8865B29-5DA3-47ED-8FF5-10166882F2BA}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5E1A\HPDiagnosticCoreUI.exe
FirewallRules: [{4DCD819B-4D19-47A4-841A-42102346AE12}] => (Allow) C:\Users\Phil\AppData\Local\Temp\7zS5E1A\HPDiagnosticCoreUI.exe
FirewallRules: [{D4F049AB-9126-4B5B-B5FA-24C2BF60B7E8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{7CC06FCA-E0FC-4FF7-8032-D9FE05AF8555}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{5A76782F-6767-4C63-B8A8-B43915D17E1B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{EBB6CBB0-2D59-42F8-B956-B980824E2611}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{AC9828D3-D2FC-427E-A3AF-AF0F1D0C4A0D}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{52451267-11F9-4070-AAA6-D82A8CE0790C}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D9637BD6-8710-4E41-B32B-583F97E1D158}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0496DDB3-1C8E-47A3-BAD4-F34B139952FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2015 09:07:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:07:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:07:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:07:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:06:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:06:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:06:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:06:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/26/2015 09:05:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 43.0.2357.134, time stamp: 0x55a3ff35
Faulting module name: delegate_execute.exe, version: 43.0.2357.134, time stamp: 0x55a3ff35
Exception code: 0xc0000005
Fault offset: 0x0002b18e
Faulting process id: 0xc48
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5
 
Error: (07/25/2015 08:47:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 52860
 
 
System errors:
=============
Error: (07/26/2015 09:09:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (07/26/2015 09:09:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Phil\AppData\Local\Temp\ehdrv.sys
 
Error: (07/26/2015 09:08:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (07/26/2015 09:08:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Phil\AppData\Local\Temp\ehdrv.sys
 
Error: (07/26/2015 09:08:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (07/26/2015 09:08:58 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Phil\AppData\Local\Temp\ehdrv.sys
 
Error: (07/26/2015 09:05:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/26/2015 08:49:40 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
 
Error: (07/25/2015 08:47:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
 
Error: (07/25/2015 08:46:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
 
 
Microsoft Office:
=========================
Error: (07/26/2015 09:07:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:07:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:07:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:07:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:06:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:06:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:06:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:06:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/26/2015 09:05:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe43.0.2357.13455a3ff35delegate_execute.exe43.0.2357.13455a3ff35c00000050002b18ec4801d0c7bcd432fb0fC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\delegate_execute.exe14360a18-33b0-11e5-bf32-a4173169e13e
 
Error: (07/25/2015 08:47:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 52860
 
 
CodeIntegrity Error:
===================================
  Date: 2015-02-02 04:59:28.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.372
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16344.98 MB
Available physical RAM: 12599.64 MB
Total Virtual: 19800.98 MB
Available Virtual: 15449.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1854.42 GB) (Free:1525.96 GB) NTFS
Drive d: (Seagate Backup Plus Drive) (Fixed) (Total:1397.26 GB) (Free:1084.01 GB) NTFS
Drive j: () (Removable) (Total:7.45 GB) (Free:0.93 GB) FAT32
Drive x: (PBR Image) (Fixed) (Total:7.11 GB) (Free:0.26 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F8549BE1)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 99EDCA75)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 

 

==================== End of log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by Phil (administrator) on EDEEN (26-07-2015 10:59:41)
Running from C:\Users\Phil\Desktop
Loaded Profiles: Phil (Available Profiles: Phil & camac_000 & water_000 & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-23] (Google Inc.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-05-03] (Electronic Arts)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-07-25] (NVIDIA Corporation)
Startup: C:\Users\water_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-04-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-429698863-2004191768-778224894-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16078284-AF7D-4371-A7B8-1DE237A4EB1B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AB6A9FA-2417-44A9-BBF7-BD35B19ADEA9}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-26]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-16]
CHR Extension: (Norton Identity Safe) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-11]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-03] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [119120 2013-02-20] (Citrix Systems, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150724.001\IDSvia64.sys [692984 2015-07-15] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150726.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150726.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-04-20] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 10:59 - 2015-07-26 11:00 - 00022205 _____ C:\Users\Phil\Desktop\FRST.txt
2015-07-26 10:56 - 2015-07-26 10:56 - 00004662 _____ C:\Users\Phil\Desktop\ESET.txt
2015-07-26 09:07 - 2015-07-26 09:07 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-26 09:06 - 2015-07-26 09:06 - 02870984 _____ (ESET) C:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
2015-07-26 09:05 - 2015-07-26 09:05 - 00000000 ___RD C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-26 08:59 - 2015-07-26 08:58 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-07-26 08:58 - 2015-07-26 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-26 08:58 - 2015-07-26 08:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-26 08:56 - 2015-07-26 08:56 - 00563296 _____ (Oracle Corporation) C:\Users\Phil\Desktop\chromeinstall-8u51.exe
2015-07-25 14:21 - 2015-07-25 14:21 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-07-25 12:50 - 2015-07-25 12:50 - 00852676 _____ C:\Users\Phil\Desktop\securitycheck.exe
2015-07-25 12:48 - 2015-07-25 12:48 - 00004329 _____ C:\Users\Phil\Desktop\malware.txt
2015-07-25 12:16 - 2015-07-25 12:47 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 12:15 - 2015-07-25 12:15 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-25 12:15 - 2015-07-25 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-25 12:15 - 2015-07-25 12:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-25 12:15 - 2015-07-25 12:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-25 12:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-25 12:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-25 12:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-25 12:11 - 2015-07-25 12:12 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Phil\Desktop\mbam-setup-2.1.8.1057 (1).exe
2015-07-25 12:11 - 2015-07-25 12:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Phil\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-25 12:10 - 2015-07-25 12:10 - 00000024 _____ C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2015-07-25 12:06 - 2015-07-25 12:06 - 00001461 _____ C:\Users\Phil\Desktop\JRT.txt
2015-07-25 12:00 - 2015-07-25 12:00 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Phil\Desktop\JRT.exe
2015-07-25 08:18 - 2015-07-25 08:18 - 00013681 _____ C:\Users\Phil\Desktop\AdwCleaner[S0].txt
2015-07-25 08:12 - 2015-07-25 08:15 - 00000000 ____D C:\AdwCleaner
2015-07-25 08:11 - 2015-07-25 08:11 - 02248704 _____ C:\Users\Phil\Desktop\AdwCleaner.exe
2015-07-25 08:04 - 2015-07-25 08:04 - 02146816 _____ (Farbar) C:\Users\Phil\Desktop\frst64.exe
2015-07-25 07:56 - 2015-07-25 07:56 - 02146816 _____ (Farbar) C:\Users\Phil\Downloads\FRST64 (1).exe
2015-07-25 07:55 - 2015-07-25 07:55 - 00006343 _____ C:\Users\Phil\Downloads\fixlist.txt
2015-07-25 07:54 - 2015-07-25 07:54 - 00000000 ____D C:\Users\Phil\Downloads\FRST-OlderVersion
2015-07-24 14:02 - 2015-07-24 14:03 - 00050909 _____ C:\Users\Phil\Downloads\FRST.txt
2015-07-24 14:02 - 2015-07-24 14:03 - 00047442 _____ C:\Users\Phil\Downloads\Addition.txt
2015-07-24 14:01 - 2015-07-26 10:59 - 00000000 ____D C:\FRST
2015-07-24 14:01 - 2015-07-25 07:54 - 02146816 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2015-07-24 12:18 - 2015-07-24 12:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-07-21 09:02 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 09:02 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 09:02 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 09:02 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 08:52 - 2015-07-20 08:52 - 00000000 _____ C:\places.sqlite
2015-07-19 09:19 - 2015-07-19 09:19 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files\iTunes
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files\iPod
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-19 09:13 - 2015-07-19 09:13 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-19 09:13 - 2015-07-19 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-19 09:13 - 2015-07-19 09:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installconverter
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro  The best AntiPorn addon
2015-07-16 09:37 - 2015-07-24 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-15 06:53 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 06:53 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 06:53 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 06:53 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 06:53 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 06:53 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 06:53 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 06:53 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 06:53 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 06:53 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 06:53 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 06:53 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 06:53 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 06:53 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 06:53 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 06:53 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 06:52 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 06:52 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 06:52 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 06:52 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 06:52 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 06:52 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 06:52 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 06:52 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 06:52 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 06:52 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 06:52 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 06:52 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 06:52 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 06:52 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 06:52 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 06:52 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 06:52 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 06:52 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 06:52 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 06:52 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 06:52 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 06:52 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 06:52 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 06:52 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 06:52 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 06:52 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 06:52 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 06:52 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 06:52 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 06:52 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 06:52 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 06:52 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 06:52 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 06:52 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 06:52 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 06:52 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 06:52 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 06:52 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 06:52 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 06:52 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 06:52 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 06:52 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 06:52 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 06:52 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 06:52 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 06:52 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 06:52 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 06:52 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 06:52 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 06:52 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 06:52 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 06:52 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 06:52 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 06:52 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 06:52 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 06:52 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 06:52 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 06:52 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 06:52 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 06:52 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 06:52 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 06:52 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 06:52 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 06:52 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 06:52 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 06:50 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 06:50 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 06:50 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 06:50 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 06:50 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 06:50 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 06:50 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 06:50 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 06:50 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 06:50 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 06:50 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 06:50 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:50 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 06:50 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:50 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 06:50 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 06:50 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 06:50 - 2015-05-01 16:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 06:50 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 06:50 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 06:50 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 06:50 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 06:50 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 06:50 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 06:49 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 06:49 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 06:49 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 06:49 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 06:49 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 06:49 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 06:49 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 06:49 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 06:49 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 06:49 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-08 17:03 - 2015-07-26 10:37 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-06-26 06:13 - 2015-06-26 06:13 - 00003210 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-06-26 06:13 - 2015-06-26 06:13 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-26 06:12 - 2015-06-26 06:12 - 00000000 ____D C:\Program Files\Dell Support Center
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 11:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-26 10:47 - 2013-11-05 22:21 - 01992929 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-26 09:10 - 2012-11-21 15:41 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-26 09:08 - 2013-02-22 23:05 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429698863-2004191768-778224894-1001
2015-07-26 09:07 - 2013-02-23 13:15 - 00000000 ____D C:\Users\Phil\AppData\Local\CrashDumps
2015-07-26 09:02 - 2013-11-05 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-26 09:02 - 2013-08-22 07:46 - 00439488 _____ C:\WINDOWS\setupact.log
2015-07-26 09:02 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-26 09:01 - 2013-11-05 22:23 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-07-26 09:01 - 2013-09-29 20:55 - 00267982 _____ C:\WINDOWS\PFRO.log
2015-07-26 09:00 - 2013-08-22 06:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-26 08:58 - 2013-09-24 20:24 - 00000000 ____D C:\ProgramData\Oracle
2015-07-26 08:50 - 2013-11-06 18:31 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FA1F623-F220-4B1D-897D-93A445E4F3F1}
2015-07-25 14:22 - 2013-11-05 22:23 - 00000767 _____ C:\WINDOWS\system32\lvcoinst.log
2015-07-25 12:43 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\System
2015-07-25 12:42 - 2015-05-02 19:13 - 00000000 ____D C:\Users\Phil\AppData\Local\35482484
2015-07-25 12:21 - 2013-03-09 16:37 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429698863-2004191768-778224894-1005
2015-07-25 12:01 - 2013-11-05 22:26 - 00000000 ____D C:\Users\Phil
2015-07-25 10:25 - 2013-11-06 16:45 - 00000000 ___DO C:\Users\water_000\SkyDrive
2015-07-25 08:06 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-25 07:53 - 2015-04-04 11:25 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 15:14 - 2012-11-21 15:34 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2015-07-24 13:47 - 2013-03-23 17:03 - 00000000 ____D C:\Users\Phil\Documents\Phil's Stuff
2015-07-24 12:41 - 2014-04-12 17:08 - 00000000 ____D C:\Users\Phil\AppData\Local\NPE
2015-07-24 12:13 - 2013-02-24 21:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-07-24 12:12 - 2013-02-24 21:03 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-07-24 12:12 - 2013-02-24 21:03 - 00002259 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-22 05:58 - 2013-02-24 21:03 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-07-22 05:58 - 2013-02-24 21:03 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-07-21 09:40 - 2013-08-22 07:44 - 00419192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 09:29 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-21 09:18 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-19 09:23 - 2012-11-21 15:33 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2015-07-19 09:19 - 2015-04-25 18:07 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-19 09:19 - 2014-06-11 19:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 09:01 - 2013-11-06 17:48 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C9C3D454-47CB-4DFC-8E73-AB94D5B74065}
2015-07-18 04:21 - 2013-02-26 21:59 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-07-16 09:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 09:27 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-16 09:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 09:19 - 2013-03-23 18:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 04:09 - 2013-02-23 11:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 04:08 - 2014-12-09 17:25 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 04:08 - 2014-07-09 07:54 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-16 04:07 - 2013-08-20 14:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 06:53 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-15 03:36 - 2015-04-04 11:25 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-14 10:40 - 2013-02-24 20:58 - 00000000 ____D C:\ProgramData\Norton
2015-07-14 09:58 - 2013-03-23 18:39 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 14:10 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 12:15 - 2013-02-24 21:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-13 12:03 - 2013-02-24 20:58 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-13 10:02 - 2014-06-12 15:02 - 00000000 ____D C:\Users\Phil\AppData\Local\Apps\2.0
2015-07-11 15:54 - 2015-04-26 20:55 - 00003554 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 5bf23fee4b0a4a41abf49ffa45402cee7d1a0c34bd924226b30ed41b08347264
2015-07-08 17:03 - 2013-05-21 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 13:58 - 2013-02-24 09:56 - 00000000 ____D C:\Users\Phil\AppData\Local\softthinks
2015-07-03 08:43 - 2013-02-23 23:53 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-26 06:12 - 2012-11-21 15:37 - 00000000 ____D C:\ProgramData\PCDr
 
==================== Files in the root of some directories =======
 
2015-07-25 12:10 - 2015-07-25 12:10 - 0000024 _____ () C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2014-05-30 16:33 - 2014-05-30 16:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-04-12 12:17 - 2014-05-29 16:49 - 0005424 _____ () C:\ProgramData\hpzinstall.log
2012-11-21 15:39 - 2012-11-21 15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
 
Some files in TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-25 13:04
 
==================== End of log ============================
 
C:\$Recycle.Bin\S-1-5-21-429698863-2004191768-778224894-1001\$R7HP00Q.exe multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\l;akhd;f.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\ladjkf.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Phil\AppData\Roaming\WTools\Selection Tools\1_Selection Tools.exe.vir a variant of Win32/BubbleDock.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Windows\SysWOW64\Emxloweeuhop\1.0.4.1\llemiive.exe a variant of MSIL/Adware.PullUpdate.P application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Chrome\Application\chrome.dll a variant of Win32/ExtenBro.BK trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdateHelper.dll a variant of Win32/ExtenBro.BK trojan cleaned by deleting (after the next restart) - quarantined
D:\Seagate Dashboard 2.0\EDEEN\Phil\Backup\fca53d22-1808-4bf2-990a-b22bd849dded\20150726_085008_PhilInc213\C\AdwCleaner\Quarantine\C\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\l;akhd;f.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application cleaned by deleting - quarantined
D:\Seagate Dashboard 2.0\EDEEN\Phil\Backup\fca53d22-1808-4bf2-990a-b22bd849dded\20150726_085008_PhilInc213\C\AdwCleaner\Quarantine\C\Users\Phil\AppData\Roaming\Nosibay\Bubble Dock\ladjkf.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application cleaned by deleting - quarantined
D:\Seagate Dashboard 2.0\EDEEN\Phil\Backup\fca53d22-1808-4bf2-990a-b22bd849dded\20150726_085008_PhilInc213\C\AdwCleaner\Quarantine\C\Users\Phil\AppData\Roaming\WTools\Selection Tools\1_Selection Tools.exe.vir a variant of Win32/BubbleDock.B potentially unwanted application cleaned by deleting - quarantined
Operating memory a variant of Win32/ExtenBro.BK trojan contained infected files
 
 
Thanks again for all of your help!!!

  • 0

#8
Pyxis
Posted 27 July 2015 - 12:49 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Thanks Pyxis! In terms of the computer, I am still having an issue with "Outbound Traffic Detected" messages frequently from Norton Power Eraser. When I first logged on this morning I had this message 10 times in less than 5 minutes. I also have a program that asks me to register everytime I reboot. The name of the program is
"Origin" form Electronic Arts Entertainment.


We'll remove that in the next fix. A few things, please:
  • Could you turn off Seagate Dashboard 2.0 for the duration of this process? It appears to have been backing up all the malicious files we have already removed.
  • I do not suppose you use Bing Bar, do you? Kindly uninstall it.
  • There seems to be a lot of Dell bloatware in this system. Are you fine with keeping them? Additionally, did you consent the recent installation of Dell Backup and Recovery?
  • As per my previous request, could you visit chrome://version on Google Chrome and post back the results here?
Your answers to the above are crucial to our next steps, so I'd appreciate it if you can take your time to answer them. Lastly, please ensure you copy all the contents inside the code box. :)
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    Task: {FAF75B22-5424-4880-96BB-21190C1529EC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-05-03] (Electronic Arts)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
2012-11-21 15:39 - 2012-11-21 15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-07-25 12:10 - 2015-07-25 12:10 - 0000024 _____ () C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2014-05-30 16:33 - 2014-05-30 16:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-26 06:12 - 2012-11-21 15:37 - 00000000 ____D C:\ProgramData\PCDr
2015-07-25 12:42 - 2015-05-02 19:13 - 00000000 ____D C:\Users\Phil\AppData\Local\35482484
2015-06-26 06:13 - 2015-06-26 06:13 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro  The best AntiPorn addon
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installconverter
2015-07-24 14:01 - 2015-07-25 07:54 - 02146816 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2015-07-25 07:56 - 2015-07-25 07:56 - 02146816 _____ (Farbar) C:\Users\Phil\Downloads\FRST64 (1).exe
2015-07-25 07:55 - 2015-07-25 07:55 - 00006343 _____ C:\Users\Phil\Downloads\fixlist.txt
2015-07-25 07:54 - 2015-07-25 07:54 - 00000000 ____D C:\Users\Phil\Downloads\FRST-OlderVersion
2015-07-24 14:02 - 2015-07-24 14:03 - 00050909 _____ C:\Users\Phil\Downloads\FRST.txt
2015-07-24 14:02 - 2015-07-24 14:03 - 00047442 _____ C:\Users\Phil\Downloads\Addition.txt
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
C:\Users\Phil\AppData\Roaming\Store\WindApp
C:\Users\Phil\AppData\Roaming\Nosibay
C:\Program Files (x86)\Max Computer Cleaner
C:\Program Files (x86)\MaxComputerCleaner_v17.337
C:\Users\Phil\AppData\Roaming\WTools

RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
    • Run your copy of FRST. It is important to ensure it is located in your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run your copy of AdwCleaner by double-clicking it.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)

  • 0

#9
dendrum
Posted 27 July 2015 - 10:11 AM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks Pyxis.  I have been receiving notifications from  my internet provider that I have a virus (see below).

 

Dear Subscriber,

Cox has identified that one or more computers/ devices behind your cable modem maybe infected with the FakeSecSen or "Spy Sheriff" Virus. A device behind your cable modem appears to have connected to a command and control server affiliated with this malware.

Viruses can take control of your PC and gather your personal information such as passwords and credit card numbers, putting your data at risk

 

Here are my answers to your questions:

 

-I have turned of Seagate and unplugged the drive

-I don't run Bing Bar

-I'm OK with keeping the Dell Software and I don't remember installing Dell Backup and Recovery

-Version 43.0.2357.134 dev-m

 

# AdwCleaner v4.208 - Logfile created 27/07/2015 at 08:55:53

# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Phil - EDEEN
# Running from : C:\Users\Phil\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Browser
Key Deleted : HKCU\Software\maxcomputerclenner
Key Deleted : HKU\.DEFAULT\Software\Browser
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SP8F42E7FB-FDA8-49EA-8BA5-43DBAB2DC2E5&q=UCM_SEARCH_TERM&SSPV=
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_bndl&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCyCzy0EtCtA0EtAtC0BtDtN0D0Tzu0StCtBtCyBtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtA0FyDyD0AtD0FtG0A0DyByDtGyC0A0BzztGzytD0C0CtGyEyBtB0CtD0DyD0D0E0ByCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzy0AtCtAyDyC0FtG0CtA0ByEtGyEtDtDtAtGzz0EtBzztG0E0A0B0CtBzz0C0DyDzytC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=685880974&ir=
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/?results.php?&q={searchTerms}&f=4&a=&cd=&cr=&ir=
[C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://taplika.com/?f=1&a=&cd=&cr=&ir=
 
*************************
 
AdwCleaner[R0].txt - [14396 bytes] - [25/07/2015 08:13:21]
AdwCleaner[R1].txt - [2439 bytes] - [27/07/2015 08:53:39]
AdwCleaner[R2].txt - [2498 bytes] - [27/07/2015 08:55:17]
AdwCleaner[S0].txt - [13681 bytes] - [25/07/2015 08:14:49]
AdwCleaner[S1].txt - [2348 bytes] - [27/07/2015 08:55:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2407  bytes] ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Phil at 2015-07-27 08:45:59 Run:3
Running from C:\Users\Phil\Desktop
Loaded Profiles: Phil (Available Profiles: Phil & camac_000 & water_000 & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {FAF75B22-5424-4880-96BB-21190C1529EC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-05-03] (Electronic Arts)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
2012-11-21 15:39 - 2012-11-21 15:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-07-25 12:10 - 2015-07-25 12:10 - 0000024 _____ () C:\Users\Phil\AppData\Roaming\appdataFr25.bin
2014-05-30 16:33 - 2014-05-30 16:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-26 06:12 - 2012-11-21 15:37 - 00000000 ____D C:\ProgramData\PCDr
2015-07-25 12:42 - 2015-05-02 19:13 - 00000000 ____D C:\Users\Phil\AppData\Local\35482484
2015-06-26 06:13 - 2015-06-26 06:13 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-07-16 10:23 - 2015-07-16 10:23 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro  The best AntiPorn addon
2015-07-17 09:50 - 2015-07-17 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installconverter
2015-07-24 14:01 - 2015-07-25 07:54 - 02146816 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2015-07-25 07:56 - 2015-07-25 07:56 - 02146816 _____ (Farbar) C:\Users\Phil\Downloads\FRST64 (1).exe
2015-07-25 07:55 - 2015-07-25 07:55 - 00006343 _____ C:\Users\Phil\Downloads\fixlist.txt
2015-07-25 07:54 - 2015-07-25 07:54 - 00000000 ____D C:\Users\Phil\Downloads\FRST-OlderVersion
2015-07-24 14:02 - 2015-07-24 14:03 - 00050909 _____ C:\Users\Phil\Downloads\FRST.txt
2015-07-24 14:02 - 2015-07-24 14:03 - 00047442 _____ C:\Users\Phil\Downloads\Addition.txt
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
C:\Users\Phil\AppData\Roaming\Store\WindApp
C:\Users\Phil\AppData\Roaming\Nosibay
C:\Program Files (x86)\Max Computer Cleaner
C:\Program Files (x86)\MaxComputerCleaner_v17.337
C:\Users\Phil\AppData\Roaming\WTools
 
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAF75B22-5424-4880-96BB-21190C1529EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAF75B22-5424-4880-96BB-21190C1529EC}" => key removed successfully
C:\Windows\System32\Tasks\PCDEventLauncherTask => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EADM => value removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully.
C:\Users\Phil\AppData\Roaming\appdataFr25.bin => moved successfully.
C:\ProgramData\Ament.ini => moved successfully.
C:\ProgramData\PCDr => moved successfully.
C:\Users\Phil\AppData\Local\35482484 => moved successfully.
C:\ProgramData\PC-Doctor for Windows => moved successfully.
C:\Program Files (x86)\AntiPorn Pro  The best AntiPorn addon => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installconverter => moved successfully.
C:\Users\Phil\Downloads\FRST64.exe => moved successfully.
C:\Users\Phil\Downloads\FRST64 (1).exe => moved successfully.
C:\Users\Phil\Downloads\fixlist.txt => moved successfully.
C:\Users\Phil\Downloads\FRST-OlderVersion => moved successfully.
C:\Users\Phil\Downloads\FRST.txt => moved successfully.
C:\Users\Phil\Downloads\Addition.txt => moved successfully.
BTATH_LWFLT => service removed successfully
"C:\Users\Phil\AppData\Roaming\Store\WindApp" => File/Folder not found.
"C:\Users\Phil\AppData\Roaming\Nosibay" => File/Folder not found.
"C:\Program Files (x86)\Max Computer Cleaner" => File/Folder not found.
"C:\Program Files (x86)\MaxComputerCleaner_v17.337" => File/Folder not found.
"C:\Users\Phil\AppData\Roaming\WTools" => File/Folder not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-429698863-2004191768-778224894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
EmptyTemp: => 17 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:47:01 ====

 

 

Thanks for your help!


Edited by dendrum, 27 July 2015 - 04:11 PM.

  • 0

#10
Pyxis
Posted 27 July 2015 - 11:48 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Cox Communications does send these kind of warnings if its systems spot odd connections. If there's anything that email got right, it's the fact that you were infected... the infection, however, not so much. :lol: Are you still getting alerts from Norton Power Eraser?
  • Step 1

    One of the infections installed a development-build Google Chrome in place of your stable copy, which gives leverage to harmful extensions. Unfortunately, this means needing to replace your existing installation and resetting your settings to ensure no traces remain.
    • Download 'Google Chrome by Google' and save it to your desktop.
    • You can choose to export bookmarks if you have any. Do so by following 'this' guide.
    • If you signed in to Google Chrome, visit 'Google Sync' and click Reset sync > OK. Skip this step otherwise.
    • Close all instances of Google Chrome and uninstall it via Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7).
      • Tick Also delete your browsing data? > Uninstall.
    • Close the browser window the uninstaller will open. Proceed to install the copy you downloaded earlier.
    • You can safely import the HTML bookmark backup(s) you made earlier and 'sync your settings' again.

  • 0

Advertisements

#11
dendrum
Posted 28 July 2015 - 09:17 AM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks Pyxis!

 

I have not gotten any alerts from Norton Power Eraser recently:)

 

It's amazing to me the how complicated this is.  The lengths people go to to infect your computer is unbelievable.  There must be money in it somewhere.  I uninstalled and re-installed Google Chrome.


  • 0

#12
Pyxis
Posted 28 July 2015 - 12:14 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Oh, yes. There definitely is money at stake here for these thugs. Let's have one final check before I let you go. ;)
  • Step 1

    Run your copy of Farbar Recovery Scan Tool by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

  • 0

#13
dendrum
Posted 28 July 2015 - 02:10 PM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks Pyxis.  Files are below.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Phil at 2015-07-28 13:07:33
Running from C:\Users\Phil\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-429698863-2004191768-778224894-500 - Administrator - Disabled)
camac_000 (S-1-5-21-429698863-2004191768-778224894-1004 - Limited - Enabled) => C:\Users\camac_000
Guest (S-1-5-21-429698863-2004191768-778224894-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-429698863-2004191768-778224894-1008 - Limited - Enabled)
Phil (S-1-5-21-429698863-2004191768-778224894-1001 - Administrator - Enabled) => C:\Users\Phil
UpdatusUser (S-1-5-21-429698863-2004191768-778224894-1006 - Limited - Enabled)
water_000 (S-1-5-21-429698863-2004191768-778224894-1005 - Limited - Enabled) => C:\Users\water_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Amazon Kindle) (Version:  - Amazon)
Any DVD Cloner Platinum 1.3.1 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Bigasoft iTunes Video Converter 4.2.2.5206 (HKLM-x32\...\{83340D90-BB65-4969-8C4E7FABC6319CDA}_is1) (Version:  - Bigasoft Corporation)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.1 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.1 - Sigma Elektro GmbH) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Flixster (HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\57554551bac4f5b1) (Version: 2.1.0.282 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA 3D Vision Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.60 - NVIDIA Corporation)
NVIDIA Graphics Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SAM Animation 1.5.4 (HKLM-x32\...\SAM Animation 1.5.4 1.5.4.0) (Version: 1.5.4.0 - iCreate to Educate, Inc.)
SAM Animation 1.5.4 (x32 Version: 1.5.4.0 - iCreate to Educate, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigma Data Center 3.0 (HKLM-x32\...\Sigma Data Center3.0) (Version: 3.0 - Sigma Elektro GmbH)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SonicWALL Global VPN Client (HKLM\...\{4A6C8E4B-A2A1-44E3-8AEF-8D7A471D07BA}) (Version: 4.8.6 - SonicWALL)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Windows Driver Package - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\72BE00E857D6F4F2018C51300C130B652C40D203) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
15-07-2015 03:34:37 Windows Update
16-07-2015 10:36:02 Norton_Power_Eraser_20150716103602039
20-07-2015 08:57:38 Norton_Power_Eraser_20150720085735810
21-07-2015 09:15:06 Norton_Power_Eraser_20150721091506626
24-07-2015 12:08:15 Norton_Power_Eraser_20150724120814477
26-07-2015 08:55:28 Removed Java 7 Update 60
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {123FF570-53CF-421B-91A6-B766D04971FD} - System32\Tasks\HP AR Program Upload - 87f5a309db7144bf9c476c44d63c319eeb574d8bc3274707b43c0507fe8c0ca4 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {31510318-1778-4FD9-B430-6585F1787663} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {3EB4B9E5-6810-4B78-BC40-01EE5894A85A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F114411-AD26-4F9E-BB9F-CAAFEA3223B2} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {43F88225-5B2A-4DF8-BC46-C997CE79CA2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {50B1E6FD-48B2-4EAE-ADF0-4FAE46E0EABB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {513FEEC8-C62A-455A-87E5-4B9A29B94E24} - System32\Tasks\Phil Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {67702E21-198A-4F9C-8CD0-5652B7658E84} - System32\Tasks\Phil DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {7F960146-9C59-41E6-9657-59CFDBD9EE7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {9EBFCA5D-DC10-4E91-81E0-DD21E97D1479} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AFDC91DE-05E9-4EFF-A3A9-F017A3C175F1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {BB2D2891-06A2-40A9-99CC-D2C8F131B67D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {CE9C6202-E9B8-4F5C-99B3-62BF4D6D8C03} - System32\Tasks\Phil => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {D3506AB5-43C3-458D-A155-A18DB7CE4A1A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {D3C487BB-76B5-457B-90B9-968E800D3AB8} - System32\Tasks\HP AR Program Upload - 5bf23fee4b0a4a41abf49ffa45402cee7d1a0c34bd924226b30ed41b08347264 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DE99E14F-19F4-40B7-8010-1F5318D938C1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F578ACB6-7CDF-4A5F-8336-64CBB06351F2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {FDBB8A72-34E5-4EDD-B103-BC514CF0F961} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-21 15:39 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-02 18:28 - 2012-07-02 18:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-06-28 14:39 - 2012-06-28 14:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2014-10-16 11:55 - 2014-10-16 11:55 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-11-21 15:33 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-21 15:41 - 2012-09-12 20:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-11-21 15:41 - 2012-08-06 09:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-11-21 15:41 - 2012-08-06 09:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-11-21 15:38 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-28 08:00 - 2015-07-23 15:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-28 08:00 - 2015-07-23 15:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\camac_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\water_000\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 CHROME 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EB6BCBF9-7ED0-4FC5-81D3-A90BC02657ED}] => (Allow) LPort=8888
FirewallRules: [{A33DAC1C-47B0-4773-B3E2-CA9D00F0A701}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2015 01:06:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000005
Fault offset: 0x0006d3ec
Faulting process id: 0x260c
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5
 
Error: (07/28/2015 06:55:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/28/2015 06:51:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/27/2015 05:33:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49344
 
Error: (07/27/2015 05:33:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49344
 
Error: (07/27/2015 05:33:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2015 05:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37891
 
Error: (07/27/2015 05:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37891
 
Error: (07/27/2015 05:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2015 05:33:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26203
 
 
System errors:
=============
Error: (07/28/2015 08:05:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/28/2015 06:52:11 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/28/2015 06:51:41 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/27/2015 05:33:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
 
Error: (07/27/2015 05:33:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
 
Error: (07/27/2015 09:17:30 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/27/2015 09:17:00 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/27/2015 09:09:14 AM) (Source: DCOM) (EventID: 10010) (User: Edeen)
Description: {6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
 
Error: (07/27/2015 09:00:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/27/2015 08:58:22 AM) (Source: DCOM) (EventID: 10016) (User: Edeen)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EdeenPhilS-1-5-21-429698863-2004191768-778224894-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office:
=========================
Error: (07/28/2015 01:06:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19ntdll.dll6.3.9600.17736550f42c2c00000050006d3ec260c01d0c970eed0ef8aC:\WINDOWS\ERUNT.exeC:\WINDOWS\SYSTEM32\ntdll.dll2caf8d8b-3564-11e5-bf35-a4173169e13e
 
Error: (07/28/2015 06:55:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\phil\desktop\esetsmartinstaller_enu.exe
 
Error: (07/28/2015 06:51:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\phil\desktop\esetsmartinstaller_enu.exe
 
Error: (07/27/2015 05:33:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49344
 
Error: (07/27/2015 05:33:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49344
 
Error: (07/27/2015 05:33:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2015 05:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37891
 
Error: (07/27/2015 05:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37891
 
Error: (07/27/2015 05:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/27/2015 05:33:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26203
 
 
CodeIntegrity Error:
===================================
  Date: 2015-02-02 04:59:28.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.372
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:28.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
  Date: 2015-02-02 04:59:27.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 16344.98 MB
Available physical RAM: 13833.68 MB
Total Virtual: 19800.98 MB
Available Virtual: 16742.75 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1854.42 GB) (Free:1544.37 GB) NTFS
Drive j: () (Removable) (Total:7.45 GB) (Free:0.93 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.11 GB) (Free:0.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F8549BE1)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by Phil (administrator) on EDEEN (28-07-2015 13:07:04)
Running from C:\Users\Phil\Desktop
Loaded Profiles: Phil (Available Profiles: Phil & camac_000 & water_000 & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-23] (Google Inc.)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-429698863-2004191768-778224894-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-07-25] (NVIDIA Corporation)
Startup: C:\Users\water_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-04-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-429698863-2004191768-778224894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-28] (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-28] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-28] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-429698863-2004191768-778224894-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-28] (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16078284-AF7D-4371-A7B8-1DE237A4EB1B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AB6A9FA-2417-44A9-BBF7-BD35B19ADEA9}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-28]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-28]
CHR Extension: (Norton Security Toolbar) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-28]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-28]
CHR Extension: (Google Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (Norton Identity Safe) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-03] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [119120 2013-02-20] (Citrix Systems, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150727.001\IDSvia64.sys [692984 2015-07-15] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150727.020\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150727.020\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-04-20] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 08:07 - 2015-07-28 08:07 - 00000000 ___RD C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-28 08:05 - 2015-07-28 08:06 - 00000000 ____D C:\ProgramData\Google
2015-07-28 08:00 - 2015-07-28 13:06 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 08:00 - 2015-07-28 13:06 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 08:00 - 2015-07-28 08:13 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 08:00 - 2015-07-28 08:00 - 00003878 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-28 08:00 - 2015-07-28 08:00 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-28 08:00 - 2015-07-28 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-28 07:55 - 2015-07-28 07:55 - 00931408 _____ (Google Inc.) C:\Users\Phil\Desktop\ChromeSetup.exe
2015-07-28 06:52 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-27 15:16 - 2015-07-27 15:16 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-07-27 08:50 - 2015-07-27 15:15 - 00000000 ____D C:\ProgramData\PCDr
2015-07-26 17:10 - 2015-07-26 17:10 - 03088296 _____ (Symantec Corporation) C:\Users\Phil\Desktop\NPE.exe
2015-07-26 11:00 - 2015-07-26 11:00 - 00050650 _____ C:\Users\Phil\Desktop\Addition.txt
2015-07-26 10:59 - 2015-07-28 13:07 - 00023831 _____ C:\Users\Phil\Desktop\FRST.txt
2015-07-26 10:56 - 2015-07-26 10:56 - 00004662 _____ C:\Users\Phil\Desktop\ESET.txt
2015-07-26 09:06 - 2015-07-26 09:06 - 02870984 _____ (ESET) C:\Users\Phil\Desktop\esetsmartinstaller_enu.exe
2015-07-26 08:59 - 2015-07-26 08:58 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-07-26 08:58 - 2015-07-26 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-26 08:58 - 2015-07-26 08:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-26 08:56 - 2015-07-26 08:56 - 00563296 _____ (Oracle Corporation) C:\Users\Phil\Desktop\chromeinstall-8u51.exe
2015-07-25 12:50 - 2015-07-25 12:50 - 00852676 _____ C:\Users\Phil\Desktop\securitycheck.exe
2015-07-25 12:48 - 2015-07-25 12:48 - 00004329 _____ C:\Users\Phil\Desktop\malware.txt
2015-07-25 12:16 - 2015-07-25 12:47 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 12:15 - 2015-07-25 12:15 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-25 12:15 - 2015-07-25 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-25 12:15 - 2015-07-25 12:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-25 12:15 - 2015-07-25 12:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-25 12:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-25 12:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-25 12:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-25 12:11 - 2015-07-25 12:12 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Phil\Desktop\mbam-setup-2.1.8.1057 (1).exe
2015-07-25 12:11 - 2015-07-25 12:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Phil\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-25 12:06 - 2015-07-25 12:06 - 00001461 _____ C:\Users\Phil\Desktop\JRT.txt
2015-07-25 12:00 - 2015-07-25 12:00 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Phil\Desktop\JRT.exe
2015-07-25 08:18 - 2015-07-25 08:18 - 00013681 _____ C:\Users\Phil\Desktop\AdwCleaner[S0].txt
2015-07-25 08:12 - 2015-07-27 08:55 - 00000000 ____D C:\AdwCleaner
2015-07-25 08:11 - 2015-07-25 08:11 - 02248704 _____ C:\Users\Phil\Desktop\AdwCleaner.exe
2015-07-25 08:04 - 2015-07-25 08:04 - 02146816 _____ (Farbar) C:\Users\Phil\Desktop\frst64.exe
2015-07-24 14:01 - 2015-07-28 13:07 - 00000000 ____D C:\FRST
2015-07-24 12:18 - 2015-07-24 12:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-07-21 09:02 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 09:02 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 09:02 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 09:02 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 08:52 - 2015-07-20 08:52 - 00000000 _____ C:\places.sqlite
2015-07-19 09:19 - 2015-07-19 09:19 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files\iTunes
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files\iPod
2015-07-19 09:19 - 2015-07-19 09:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-19 09:13 - 2015-07-19 09:13 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-19 09:13 - 2015-07-19 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-19 09:13 - 2015-07-19 09:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-16 09:37 - 2015-07-24 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-15 06:53 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 06:53 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 06:53 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 06:53 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 06:53 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 06:53 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 06:53 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 06:53 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 06:53 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 06:53 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 06:53 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 06:53 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 06:53 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 06:53 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 06:53 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 06:53 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 06:52 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 06:52 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 06:52 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 06:52 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 06:52 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 06:52 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 06:52 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 06:52 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 06:52 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 06:52 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 06:52 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 06:52 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 06:52 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 06:52 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 06:52 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 06:52 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 06:52 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 06:52 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 06:52 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 06:52 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 06:52 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 06:52 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 06:52 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 06:52 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 06:52 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 06:52 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 06:52 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 06:52 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 06:52 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 06:52 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 06:52 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 06:52 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 06:52 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 06:52 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 06:52 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 06:52 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 06:52 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 06:52 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 06:52 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 06:52 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 06:52 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 06:52 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 06:52 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 06:52 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 06:52 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 06:52 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 06:52 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 06:52 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 06:52 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 06:52 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 06:52 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 06:52 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 06:52 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 06:52 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 06:52 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 06:52 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 06:52 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 06:52 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 06:52 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 06:52 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 06:52 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 06:52 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 06:52 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 06:52 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 06:52 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 06:50 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 06:50 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 06:50 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 06:50 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 06:50 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 06:50 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 06:50 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 06:50 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 06:50 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 06:50 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 06:50 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 06:50 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 06:50 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:50 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 06:50 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:50 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 06:50 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 06:50 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 06:50 - 2015-05-01 16:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 06:50 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 06:50 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 06:50 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 06:50 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 06:50 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 06:50 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 06:50 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 06:49 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 06:49 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 06:49 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 06:49 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 06:49 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 06:49 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 06:49 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 06:49 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 06:49 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 06:49 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-08 17:03 - 2015-07-28 07:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 13:06 - 2013-02-23 13:15 - 00000000 ____D C:\Users\Phil\AppData\Local\CrashDumps
2015-07-28 13:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-28 13:00 - 2013-11-05 22:21 - 01446865 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-28 12:49 - 2013-11-05 22:23 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-07-28 08:37 - 2013-03-23 17:03 - 00000000 ____D C:\Users\Phil\Documents\Phil's Stuff
2015-07-28 08:23 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 08:22 - 2013-03-23 18:39 - 00000000 ____D C:\Users\Phil\AppData\Local\Google
2015-07-28 08:22 - 2013-02-22 23:05 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429698863-2004191768-778224894-1001
2015-07-28 08:10 - 2012-11-21 15:41 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-28 08:02 - 2013-11-05 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-28 08:02 - 2013-09-29 20:55 - 00268628 _____ C:\WINDOWS\PFRO.log
2015-07-28 08:02 - 2013-08-22 07:46 - 00439719 _____ C:\WINDOWS\setupact.log
2015-07-28 08:02 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-28 08:01 - 2013-08-22 06:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-28 08:00 - 2013-03-23 18:39 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-28 06:54 - 2013-11-06 18:31 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FA1F623-F220-4B1D-897D-93A445E4F3F1}
2015-07-28 06:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-27 15:16 - 2013-11-05 22:23 - 00001947 _____ C:\WINDOWS\system32\lvcoinst.log
2015-07-27 08:51 - 2013-02-24 20:58 - 00093184 ___SH C:\Users\Phil\Desktop\Thumbs.db
2015-07-26 17:12 - 2014-04-12 17:08 - 00000000 ____D C:\Users\Phil\AppData\Local\NPE
2015-07-26 08:58 - 2013-09-24 20:24 - 00000000 ____D C:\ProgramData\Oracle
2015-07-25 12:43 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\System
2015-07-25 12:21 - 2013-03-09 16:37 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429698863-2004191768-778224894-1005
2015-07-25 12:01 - 2013-11-05 22:26 - 00000000 ____D C:\Users\Phil
2015-07-25 10:25 - 2013-11-06 16:45 - 00000000 ___DO C:\Users\water_000\SkyDrive
2015-07-25 08:06 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-25 07:53 - 2015-04-04 11:25 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 15:14 - 2012-11-21 15:34 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2015-07-24 12:13 - 2013-02-24 21:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-07-24 12:12 - 2013-02-24 21:03 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-07-24 12:12 - 2013-02-24 21:03 - 00002259 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-22 05:58 - 2013-02-24 21:03 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-07-22 05:58 - 2013-02-24 21:03 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-07-21 09:40 - 2013-08-22 07:44 - 00419192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 09:18 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-19 09:23 - 2012-11-21 15:33 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2015-07-19 09:19 - 2015-04-25 18:07 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-19 09:19 - 2014-06-11 19:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 09:01 - 2013-11-06 17:48 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C9C3D454-47CB-4DFC-8E73-AB94D5B74065}
2015-07-18 04:21 - 2013-02-26 21:59 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-07-16 09:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 09:27 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-16 09:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 09:19 - 2013-03-23 18:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 04:09 - 2013-02-23 11:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 04:08 - 2014-12-09 17:25 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 04:08 - 2014-07-09 07:54 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-16 04:07 - 2013-08-20 14:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 03:36 - 2015-04-04 11:25 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-14 10:40 - 2013-02-24 20:58 - 00000000 ____D C:\ProgramData\Norton
2015-07-13 14:10 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 12:15 - 2013-02-24 21:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-13 12:03 - 2013-02-24 20:58 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-13 10:02 - 2014-06-12 15:02 - 00000000 ____D C:\Users\Phil\AppData\Local\Apps\2.0
2015-07-11 15:54 - 2015-04-26 20:55 - 00003554 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 5bf23fee4b0a4a41abf49ffa45402cee7d1a0c34bd924226b30ed41b08347264
2015-07-08 17:03 - 2013-05-21 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 13:58 - 2013-02-24 09:56 - 00000000 ____D C:\Users\Phil\AppData\Local\softthinks
2015-07-03 08:43 - 2013-02-23 23:53 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-04-12 12:17 - 2014-05-29 16:49 - 0005424 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-28 08:22
 
==================== End of log ============================

  • 0

#14
Pyxis
Posted 28 July 2015 - 10:04 PM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
You should be A-OK after this. ;)
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with malware, adware or spyware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.
    • Bing Bar
    Inform me if you encounter problems in the removal process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
2015-07-27 08:50 - 2015-07-27 15:15 - 00000000 ____D C:\ProgramData\PCDr
    • Run your copy of FRST. It is important to ensure it is located in your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)

  • 0

#15
dendrum
Posted 29 July 2015 - 08:23 AM

dendrum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks again Pyxil.  The log is below.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Phil (2015-07-29 07:22:01) Run:4
Running from C:\Users\Phil\Desktop
Loaded Profiles: Phil (Available Profiles: Phil & camac_000 & water_000 & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
2015-07-27 08:50
- 2015-07-27 15:15 - 00000000 ____D C:\ProgramData\PCDr 
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"2015-07-27 08:50" => File/Folder not found.
- 2015-07-27 15:15 - 00000000 ____D C:\ProgramData\PCDr => Error: No automatic fix found for this entry.
 
==== End of Fixlog 07:22:01 ====

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP