afraid I have multiple infections

outbound info pop up shockwave crash pop up blocker

  • This topic is locked

#1
growley

  • Member
  • 31 posts

I have Norton scanning constantly and it says all is good, but I keep getting an outbound traffic pop-up to run Norton Power Eraser; did that, found nothing, still popping up. Contacted Norton; a technician remotely worked on my computer while I watched and said Power Eraser also showed nothing but that suspicious signatures of viruses were present and it would be $99.99 to remove them! Why do I even have Norton? I thought they were supposed to help protect your computer from these things. I also get Shockwave crash alerts, pop-up blocker alerts, web pages covered with pop-up ads all over them, and Google search results jump and scroll strangely. I am sure there are more but I have blocked them out. Computer becoming unusable. Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02

Ran by Genna (administrator) on MOMMALAPTOP (11-08-2015 20:28:03)
Running from C:\Users\Genna\Desktop
Loaded Profiles: Genna & UpdatusUser (Available Profiles: Genna & UpdatusUser)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\N360.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Wyse Technology Inc.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Gemalto N.V.) C:\Users\Genna\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Users\Genna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-06-26] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_433] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Genna\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2053 2013-10-16] ()
HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\Run: [Dropbox Update] => C:\Users\Genna\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-615137952-235082984-2108559562-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-10-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-02-13]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\Genna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=493084871&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=828429982&ir=
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {9C0C99ED-1D9E-4D0C-BC8C-4946C91D810D} URL = 
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2F84BA02-1686-4319-B34C-B14E77C142D3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8631A68B-558A-4E55-BA4B-5E1535483047}: [NameServer] 31.168.224.100,5.135.12.56
Tcpip\..\Interfaces\{BC0E549A-80E7-4F25-A1B1-91216E7DDD60}: [NameServer] 31.168.224.100,5.135.12.56
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-615137952-235082984-2108559562-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Genna\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-16] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-10]
CHR Extension: (Google Drive) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-10]
CHR Extension: (YouTube) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-05]
CHR Extension: (Google Search) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-13]
CHR Extension: (Gmail) - C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Genna\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-25]
CHR HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-06-26] (LeapFrog Enterprises, Inc.) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
S2 64af91bf; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20150811.001\IDSvia64.sys [692984 2015-08-04] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150811.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150811.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 TDKLIB; \??\C:\Users\Genna\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-11 20:28 - 2015-08-11 20:28 - 00029469 _____ C:\Users\Genna\Desktop\FRST.txt
2015-08-11 20:26 - 2015-08-11 20:28 - 00000000 ____D C:\FRST
2015-08-11 20:25 - 2015-08-11 20:25 - 02172928 _____ (Farbar) C:\Users\Genna\Desktop\FRST64.exe
2015-08-11 19:42 - 2015-08-11 19:42 - 00000000 ____D C:\Users\Genna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-11 15:09 - 2015-08-11 15:09 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-06 11:51 - 2015-08-06 11:51 - 00000000 ____D C:\NPE
2015-08-06 11:46 - 2015-08-06 11:46 - 03088296 _____ (Symantec Corporation) C:\Users\Genna\Downloads\NPE.exe
2015-08-06 11:39 - 2015-08-06 11:39 - 01596224 _____ (LogMeIn, Inc.) C:\Users\Genna\Downloads\Support-LogMeInRescue (1).exe
2015-08-06 11:39 - 2015-08-06 11:39 - 00002270 _____ C:\Users\Genna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Support (4).lnk
2015-08-06 09:07 - 2015-08-06 09:07 - 00000055 _____ C:\Users\Genna\Desktop\Brain, Child Magazine - the magazine for thinking mothers.url
2015-08-05 08:40 - 2015-08-06 12:00 - 00000000 ____D C:\Users\Genna\AppData\Local\NPE
2015-08-04 19:11 - 2015-08-04 19:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-07-31 23:04 - 2015-08-04 17:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2015-07-28 11:51 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-20 16:11 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 16:11 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 16:11 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 16:11 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-17 21:07 - 2015-07-17 21:07 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-17 08:24 - 2015-07-13 17:10 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-17 08:24 - 2015-07-13 17:10 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 07:23 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 07:23 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 07:23 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 07:23 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 07:23 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 07:23 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 07:23 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 07:23 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 07:23 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 07:23 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 07:23 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 07:23 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 07:23 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 07:23 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 07:23 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 07:23 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 07:22 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 07:22 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 07:22 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 07:22 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 07:22 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 07:22 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 07:22 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 07:22 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 07:22 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 07:22 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 07:22 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 07:22 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 07:22 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 07:22 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 07:22 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 07:22 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 07:22 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 07:22 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 07:22 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 07:22 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 07:22 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 07:22 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 07:22 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 07:22 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 07:22 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 07:22 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 07:22 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 07:22 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 07:22 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 07:22 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 07:22 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 07:22 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 07:22 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 07:22 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 07:22 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 07:22 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 07:22 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 07:22 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 07:22 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 07:22 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 07:22 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 07:22 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 07:22 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 07:22 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 07:22 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 07:22 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 07:22 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 07:22 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 07:22 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 07:22 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 07:22 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 07:21 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 07:21 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 07:21 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 07:21 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 07:21 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 07:21 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 07:21 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 07:21 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 07:21 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 07:21 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 07:21 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 07:21 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 07:21 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 07:21 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 07:21 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 07:21 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 07:21 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 07:21 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 07:21 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 07:21 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 07:21 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 07:21 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 07:21 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 07:21 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 07:21 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 07:21 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 07:21 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 07:21 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 07:21 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 07:21 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 07:21 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 07:21 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 07:21 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 07:21 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 07:21 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 07:21 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 07:21 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 07:21 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 07:21 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 07:21 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 07:21 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 07:21 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 07:21 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 07:21 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 07:21 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 07:21 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 07:21 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 07:21 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 07:21 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 07:21 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 07:21 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 07:21 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 07:20 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 07:20 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 07:19 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 07:19 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-11 20:23 - 2014-01-01 20:49 - 01845254 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 20:09 - 2014-10-08 16:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-11 20:03 - 2015-06-23 09:53 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001UA.job
2015-08-11 20:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-11 19:59 - 2013-01-04 15:25 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-11 19:47 - 2013-01-04 15:21 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-615137952-235082984-2108559562-1001
2015-08-11 19:43 - 2013-03-10 12:38 - 00000000 ___RD C:\Users\Genna\Dropbox
2015-08-11 19:43 - 2013-03-10 12:35 - 00000000 ____D C:\Users\Genna\AppData\Roaming\Dropbox
2015-08-11 19:25 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-11 18:59 - 2013-01-04 15:25 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 18:56 - 2015-07-09 13:14 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-08-11 18:44 - 2015-02-26 18:26 - 00004986 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMMALAPTOP-Genna MommaLaptop
2015-08-11 18:34 - 2014-01-25 12:55 - 00000000 ___RD C:\Users\Genna\Google Drive
2015-08-11 18:34 - 2014-01-22 11:49 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48066FC1-31EF-43ED-99CB-D8307D687B8F}
2015-08-11 18:34 - 2014-01-01 21:07 - 00000000 ___DO C:\Users\Genna\SkyDrive
2015-08-11 17:49 - 2012-10-19 03:16 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-11 17:45 - 2015-06-15 10:43 - 00000000 ____D C:\Users\Genna\.gstreamer-0.10
2015-08-11 17:45 - 2013-10-16 16:45 - 00000000 ____D C:\Users\Genna\AppData\Roaming\MotoCast
2015-08-11 17:44 - 2012-10-19 03:17 - 00000000 ____D C:\Temp
2015-08-11 15:29 - 2013-11-14 03:20 - 00300770 _____ C:\WINDOWS\PFRO.log
2015-08-11 15:29 - 2013-08-22 10:46 - 00348944 _____ C:\WINDOWS\setupact.log
2015-08-11 15:29 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-11 15:28 - 2014-01-01 20:35 - 00000000 ____D C:\Users\Genna
2015-08-11 15:28 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-11 15:10 - 2014-10-08 16:30 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-11 05:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-10 21:03 - 2015-06-23 09:53 - 00000890 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001Core.job
2015-08-10 20:17 - 2014-12-23 14:08 - 00000000 ____D C:\Users\Genna\AppData\Local\CrashDumps
2015-08-09 15:09 - 2013-01-18 11:46 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-08-07 16:46 - 2014-06-16 20:53 - 00000000 ____D C:\Users\Genna\Downloads\Nippon-Beneflex
2015-08-07 16:11 - 2014-12-30 12:38 - 00000000 ____D C:\Users\Genna\AppData\Local\LogMeIn Rescue Applet
2015-08-06 15:30 - 2014-04-06 12:36 - 00000000 ____D C:\Program Files (x86)\Driver Wizard
2015-08-06 11:50 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-05 08:41 - 2014-11-17 14:03 - 00000000 ____D C:\ProgramData\Norton
2015-08-04 22:07 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-04 19:04 - 2014-11-17 14:11 - 00003228 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-08-04 19:04 - 2014-11-17 14:08 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-08-04 19:03 - 2014-11-17 14:11 - 00002380 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK
2015-08-01 06:10 - 2014-01-01 23:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-01 06:03 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-01 01:42 - 2014-11-17 14:11 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-08-01 01:42 - 2014-11-17 14:11 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-08-01 01:42 - 2014-11-17 14:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-08-01 01:31 - 2014-11-17 14:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-25 11:08 - 2015-04-05 02:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 14:13 - 2015-05-13 13:21 - 00000000 ___RD C:\Users\Genna\OneDrive
2015-07-24 14:13 - 2015-02-26 18:06 - 00003102 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-615137952-235082984-2108559562-1001
2015-07-23 12:31 - 2014-01-24 19:25 - 00000000 ____D C:\Users\Genna\.dvdcss
2015-07-22 16:32 - 2013-03-20 14:30 - 01812480 ___SH C:\Users\Genna\Downloads\Thumbs.db
2015-07-22 10:18 - 2013-04-24 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-22 09:45 - 2013-08-22 10:44 - 00492000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-19 20:58 - 2015-06-23 09:53 - 00003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001UA
2015-07-19 20:58 - 2015-06-23 09:53 - 00003508 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001Core
2015-07-17 09:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-17 08:15 - 2015-04-05 02:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 08:15 - 2014-12-12 08:21 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-17 08:15 - 2014-07-10 07:29 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-17 08:15 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-17 08:15 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 10:20 - 2013-07-12 12:32 - 00000000 ____D C:\WINDOWS\system32\MRT
 
==================== Files in the root of some directories =======
 
2014-11-01 13:13 - 2014-11-10 17:34 - 0000004 _____ () C:\Users\Genna\AppData\Roaming\appdataFr2.bin
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\HRZHEL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Genna\AppData\Roaming\QCARYUG
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\SWGXET
2014-10-07 19:06 - 2014-10-07 19:06 - 0000043 _____ () C:\Users\Genna\AppData\Roaming\WB.CFG
2015-02-27 17:19 - 2015-02-27 17:19 - 0003584 _____ () C:\Users\Genna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-30 16:16 - 2014-12-18 23:15 - 0000163 _____ () C:\Users\Genna\AppData\Local\ZenfolioDownloader.log
2013-08-17 12:26 - 2013-08-17 12:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-16 13:44 - 2014-11-16 13:50 - 0001731 _____ () C:\ProgramData\tempimage.bmp
2012-10-19 03:12 - 2012-10-19 03:13 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-19 03:08 - 2012-10-19 03:09 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-19 03:09 - 2012-10-19 03:10 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-19 03:08 - 2012-10-19 03:08 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-19 03:10 - 2012-10-19 03:12 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Files to move or delete:
====================
C:\Users\Genna\gotomypc_635.exe
 
 
Some files in TEMP:
====================
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kkzhb.dll
C:\Users\Genna\AppData\Local\Temp\jna1447065687657176497.dll
C:\Users\Genna\AppData\Local\Temp\jna4256376198490995030.dll
C:\Users\Genna\AppData\Local\Temp\jna4428113901446352049.dll
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-11 15:40
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Genna (2015-08-11 20:29:55)
Running from C:\Users\Genna\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-615137952-235082984-2108559562-500 - Administrator - Disabled)
Genna (S-1-5-21-615137952-235082984-2108559562-1001 - Administrator - Enabled) => C:\Users\Genna
Guest (S-1-5-21-615137952-235082984-2108559562-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-615137952-235082984-2108559562-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-615137952-235082984-2108559562-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
DVD Catalyst 4 v4.4.4.4 (HKLM-x32\...\DVD Catalyst 4) (Version: v4.4.4.4 - Tools4Movies)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.59.26 - Dell Inc.)
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.710 - Oracle)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.0.20.17316 - LeapFrog)
LeapFrog Connect (x32 Version: 5.0.20.17316 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 5.0.19.17305 - LeapFrog) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-615137952-235082984-2108559562-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 5.0.19.17305 - LeapFrog)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 12.0.0.1600 - Broadcom Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Genna\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-615137952-235082984-2108559562-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Genna\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
28-07-2015 05:58:03 Scheduled Checkpoint
04-08-2015 22:01:26 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2013-08-08 18:52 - 00000852 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09724424-73E9-4985-AAF7-BABC1866DB36} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {0B98D7F2-CDB7-4EA0-9DDB-424878C8D264} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {131F89BB-3474-4998-A14F-4130CE75683B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {1C3F1563-2EA4-473B-8A70-515B1F110031} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04] (Google Inc.)
Task: {306C16FC-E9F7-4C11-A62F-0BD4153E54D4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001UA => C:\Users\Genna\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {474D6192-BDD9-4165-8BBC-5ABD968CE1D6} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {48E398E4-8BBD-4C87-8B35-7FFBBF65D066} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {4E74D280-CC84-450B-BE70-A4FAD859895C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {515CA94E-2F7E-490E-BEDE-E5AD094E2C66} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {57C9D9C1-8BE7-4958-9ACB-EC584EDCC1DF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {5806EAA1-7BAD-47F0-A633-25AC40449838} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {58D34588-0BF8-4223-8B9B-A4B26FBE4C78} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {61170127-945D-42CE-B80F-76C3133E6417} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {658843FA-0808-445B-A316-FEDA548EA0DF} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {6596D513-FB7C-4615-8031-9574AAED1BF9} - System32\Tasks\UpdaterEX => C:\Users\Genna\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6C04A447-034F-416C-A366-1BFA2E953FC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04] (Google Inc.)
Task: {751EA36C-6DBA-4DA0-91CC-94115F186D2E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {8E9182BD-8AA2-44C7-B6BD-0354B2247531} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {9D341DC2-793B-4F38-A1D4-F1B094F4FC8B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001Core => C:\Users\Genna\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A50BF5D7-128A-44AB-B87E-CFEC2659545A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {AB3B3408-7963-4BA9-838F-D7F57228E9A3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-615137952-235082984-2108559562-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {B5457344-C7DE-4475-BE02-16ECE5D9B0E6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {BE30CDF9-7A50-47EE-B35E-908A4C441836} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C071F66B-44DA-47CC-ADCB-8A350F8FB1D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {CA55666B-034E-4496-945E-91BCD9A45505} - System32\Tasks\{AB4462D8-6469-479D-BB78-656FC808F025} => pcalua.exe -a "C:\Program Files\McAfee\MSC\mcuihost.exe" -c /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Task: {D11679FE-9AB7-4EBC-A6BC-DFBAEE673882} - System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
Task: {DDAC7B9E-1CB1-49A5-900A-146D74120651} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {EC4B8160-F34C-4CB9-B04A-DFA961F81760} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {EDCE747D-A5EC-434F-84FE-1C5F55EABB05} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMMALAPTOP-Genna MommaLaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001Core.job => C:\Users\Genna\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-615137952-235082984-2108559562-1001UA.job => C:\Users\Genna\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-18 15:42 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-07-09 17:48 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-19 14:53 - 2012-07-19 14:53 - 00043384 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2014-03-13 16:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-19 03:10 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-24 12:18 - 2012-10-24 12:18 - 00188928 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-10-24 12:21 - 2012-10-24 12:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-10-24 12:21 - 2012-10-24 12:21 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2012-10-24 12:21 - 2012-10-24 12:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2015-03-17 17:42 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-10-06 02:12 - 2012-10-06 02:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 14:53 - 2012-07-19 14:53 - 00043384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00240056 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
2013-07-06 13:09 - 2013-04-19 19:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 13:09 - 2013-04-19 19:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2015-07-02 23:59 - 2015-07-02 23:59 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-10-18 09:38 - 2014-10-18 09:38 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2015-07-17 09:06 - 2015-07-17 09:06 - 00146944 _____ () C:\Users\Genna\AppData\Local\Packages\Allrecipes.Allrecipes_f8zhmzza100am\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um114fe9fe#\077612497528c60084c43fc0b427f8b5\nVentive.Umbrella.Services.Contract.WinRT.ni.dll
2014-10-18 09:38 - 2014-10-18 09:38 - 05185024 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\873b701d9b42e91132f08a6f05c4361a\Windows.UI.Xaml.ni.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-06-20 17:35 - 2013-06-20 17:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-10-18 09:33 - 2014-10-18 09:33 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-10-19 03:02 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-18 15:42 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-02-14 19:05 - 2012-02-14 19:37 - 11796096 _____ () C:\Users\Genna\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2015-08-11 17:45 - 2015-08-11 17:45 - 00205824 ____N () C:\Users\Genna\AppData\Local\Temp\WindowsAPI.dll767258759589252968.lib
2015-08-06 11:54 - 2015-08-06 11:54 - 00509440 _____ () C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
2015-08-11 17:45 - 2015-08-11 17:45 - 00314368 ____N () C:\Users\Genna\AppData\Local\Temp\WindowsFolderWatcher.dll6943082295819210136.lib
2015-08-11 17:45 - 2015-08-11 17:45 - 00160256 ____N () C:\Users\Genna\AppData\Local\Temp\ZumoLocalGateway.dll6824377401105613419.lib
2015-08-11 17:52 - 2015-08-11 17:52 - 00553984 ____N () C:\Users\Genna\AppData\Local\Temp\zumotaglib.dll6878007039345957515.lib
2015-08-11 17:45 - 2015-08-11 17:45 - 00098816 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32api.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00110080 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\pywintypes27.dll
2015-08-11 17:45 - 2015-08-11 17:45 - 00364544 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\pythoncom27.dll
2015-08-11 17:45 - 2015-08-11 17:45 - 00045568 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\_socket.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 01160704 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\_ssl.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00320512 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32com.shell.shell.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00713216 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\_hashlib.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 01175040 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._core_.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00805888 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._gdi_.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00811008 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._windows_.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 01062400 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._controls_.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00735232 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._misc_.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00128512 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\_elementtree.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00127488 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\pyexpat.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00557056 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\pysqlite2._sqlite.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00087552 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\_ctypes.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00119808 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32file.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00108544 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32security.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00007168 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\hashobjs_ext.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00167936 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32gui.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00018432 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32event.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00038912 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32inet.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00011264 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32crypt.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00070656 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._html2.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00027136 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\_multiprocessing.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00035840 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32process.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00686080 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\unicodedata.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00122368 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._wizard.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00024064 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32pipe.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00025600 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32pdh.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00525640 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\windows._lib_cacheinvalidation.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00010240 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\select.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00017408 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32profile.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00022528 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\win32ts.pyd
2015-08-11 17:45 - 2015-08-11 17:45 - 00078336 _____ () C:\Users\Genna\AppData\Local\Temp\_MEI56362\wx._animate.pyd
2014-12-16 18:37 - 2014-12-16 18:37 - 01800192 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\GPSDKAnalyticsNet.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00699392 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 01396736 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00085504 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00030208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00471552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00253440 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00109568 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00038400 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00048640 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00126976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00038912 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00017920 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00248352 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00123947 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00133120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00098304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00078848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00052224 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00123904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00041984 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00212480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00011776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00016896 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00086016 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00091136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00073216 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00026624 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00187904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00069120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00331264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00023552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 01694208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00122880 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 02009600 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00033280 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00036864 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00088064 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 01376256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 01563136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00363008 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00531968 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00119296 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00029696 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00037888 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00035840 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00276480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00069632 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00276992 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00207872 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00047616 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00150528 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00039936 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00025088 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00132608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00190976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00035328 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00011264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00054784 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00051712 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00061952 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00032768 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00162304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 01520128 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00050688 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00196608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00042496 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
2012-10-19 15:46 - 2012-10-19 15:46 - 00013312 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
2013-07-06 13:09 - 2013-05-02 20:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-11-11 20:42 - 2014-11-11 20:42 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-08-11 19:43 - 2015-08-11 19:43 - 00071168 _____ () c:\users\genna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kkzhb.dll
2015-07-31 23:08 - 2015-08-05 16:49 - 00012800 _____ () C:\Users\Genna\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-31 23:08 - 2015-08-05 16:49 - 00779776 _____ () C:\Users\Genna\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 23:08 - 2015-08-05 16:49 - 00056320 _____ () C:\Users\Genna\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-31 23:08 - 2015-08-05 16:49 - 00012288 _____ () C:\Users\Genna\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-12-09 14:59 - 2014-12-05 21:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-09 14:59 - 2014-12-05 21:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-09 14:59 - 2014-12-05 21:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-09 14:59 - 2014-12-05 21:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-615137952-235082984-2108559562-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Genna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-615137952-235082984-2108559562-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "InboxToolbar"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3318B03E-42CD-484B-9353-C166D0D3E894}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{5FFEF1CA-8C93-460B-B1FE-650F02719116}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{BC10910A-A02F-424E-A4C9-A7AC585BA179}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{0527D6B1-CBDD-482B-99D6-073E266E962A}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{5596B096-F28E-48B1-9503-C6A1846E5D61}] => (Allow) C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
FirewallRules: [{C1CADFCA-C58C-41B2-8F6D-21B7AF872EB1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F47E45C0-050B-4BE3-B662-8AFAD99793B8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2D01EBCE-DEA1-435B-B2F1-C3E989C88DA4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{98F4FB4D-9AF8-43CC-A801-ED0970C0B3B7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{2C1FF64B-9D05-48EE-9451-FC1073D3951B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{682D8A27-5FEF-4187-9AB0-50A13C0A1A77}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{AA34E026-4937-4923-BDCC-43FDF870F602}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95B316B5-D031-4CCC-80A6-5ECB78DF6FED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56DBC3A7-E272-4EFD-BE59-74110B2EE12E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC24B9FA-3B48-439B-9C57-7197E4066837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{743EF8EE-C22C-45E9-BA79-08B8123F4A6E}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [UDP Query User{B840E5CF-00C5-46A4-854D-1D1C13D72BCB}C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [TCP Query User{49F22B5D-FB60-4738-87F7-BDF950DD3A75}C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [UDP Query User{E80B4BFD-5E96-4E11-B5C1-A6C90C006E5E}C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [TCP Query User{2B7CB36C-0E3C-4682-B438-15077559C5C9}C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\genna\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [{705385F9-DF79-4208-A3F4-06E5E5BD77EA}] => (Allow) C:\Users\Genna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{069B43EF-2B8C-4F17-AFDB-CC4288A9991C}C:\users\genna\appdata\local\temp\g2_635\g2viewer.exe] => (Allow) C:\users\genna\appdata\local\temp\g2_635\g2viewer.exe
FirewallRules: [TCP Query User{BC6BC910-8B43-49F4-8D3C-7B82CB97C933}C:\users\genna\appdata\local\temp\g2_635\g2viewer.exe] => (Allow) C:\users\genna\appdata\local\temp\g2_635\g2viewer.exe
FirewallRules: [{91365B38-4E47-4AFA-BB22-851AE9A5A485}] => (Allow) C:\Users\Genna\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{04E622D6-FC1F-4FA9-AF78-D79980BF90F9}] => (Allow) C:\Users\Genna\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C2DF7E35-6711-4BCA-9805-2AB5A8705A98}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
FirewallRules: [{F99F974B-F267-4437-93C1-7EC282A69E0F}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{105371C7-1C28-466E-A76B-D1C2FB3C31AC}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{F99D6E14-6213-4A37-B9A3-B53E000F12D6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
FirewallRules: [{BC20473D-5929-41F1-9E40-54EA76EB1526}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
FirewallRules: [{BA8AC35A-125E-4353-B2B0-3D553EE6F1CE}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{6CCEE090-0F87-43C8-92F0-AFED01229E67}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1D4F9B93-3347-47FF-85EB-2A942AFCCEC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{024F33A4-174D-4BAF-8A00-931EB8182C71}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FFB7B901-15F4-4826-9DC7-5042E4572870}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7611357E-BD98-497C-81B5-C02EDBEC6463}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{48FF3A01-4181-4F8A-8A46-21BDD1E113C9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{BEA185C4-8FC4-40CF-B243-8C4493D4004A}C:\users\genna\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\genna\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5BD78FC8-8A1E-4441-B31D-5C5366E0D304}C:\users\genna\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\genna\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{BB41FE38-868F-47CF-8208-CCD43043C1D3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{99FF0617-1AA5-4411-BB92-5BE3D6B816A0}C:\users\genna\appdata\local\temp\g2_1337\g2viewer.exe] => (Block) C:\users\genna\appdata\local\temp\g2_1337\g2viewer.exe
FirewallRules: [UDP Query User{0E6B7BD4-D6CE-4AC7-B59A-18CDDA023D14}C:\users\genna\appdata\local\temp\g2_1337\g2viewer.exe] => (Block) C:\users\genna\appdata\local\temp\g2_1337\g2viewer.exe
FirewallRules: [{E11B1BF3-11C9-488C-B09E-A2922A79D0AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{663C6E82-8B94-4CF3-A43E-C22EBF11D47E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{451C8AE0-08BE-4582-B18F-666A833BF6C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{12FC4E34-7D1E-4B3E-9265-3A56D5E6EA45}] => (Allow) LPort=2869
FirewallRules: [{FEC83737-105E-498A-9954-E3589AA3CACB}] => (Allow) LPort=1900
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2015 08:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 918
 
Start Time: 01d0d495430f3fc0
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 36996b28-4089-11e5-bf69-e006e6d72f00
 
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
 
Faulting package-relative application ID: App
 
Error: (08/11/2015 08:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c58
 
Start Time: 01d0d485d0df5256
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 369bcd86-4089-11e5-bf69-e006e6d72f00
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/11/2015 08:00:05 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1928) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).
 
Error: (08/11/2015 07:33:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 23e4
 
Start Time: 01d0d48d6fcc9325
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 635a8cc6-4081-11e5-bf69-e006e6d72f00
 
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
 
Faulting package-relative application ID: App
 
Error: (08/11/2015 07:00:46 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1928) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).
 
Error: (08/11/2015 06:39:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c50
 
Start Time: 01d0d485d0df5256
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: c58440ae-4079-11e5-bf69-e006e6d72f00
 
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
 
Faulting package-relative application ID: App
 
Error: (08/11/2015 06:00:05 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1928) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).
 
Error: (08/11/2015 03:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2268
 
Start Time: 01d0d46ac5c9af88
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: b946c72e-405e-11e5-bf68-e006e6d72f00
 
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
 
Faulting package-relative application ID: App
 
Error: (08/11/2015 03:00:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1668) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).
 
Error: (08/11/2015 02:54:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 183c
 
Start Time: 01d0d46681fef047
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 75974822-405a-11e5-bf68-e006e6d72f00
 
Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (08/11/2015 07:25:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/11/2015 05:57:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/11/2015 05:50:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/11/2015 05:45:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (08/11/2015 03:29:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Fast And Safe service to connect.
 
Error: (08/11/2015 03:25:25 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/11/2015 03:25:25 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/11/2015 03:25:25 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/11/2015 03:25:25 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/11/2015 08:03:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
 
Microsoft Office:
=========================
Error: (08/11/2015 08:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1741591801d0d495430f3fc04294967295C:\WINDOWS\system32\backgroundTaskHost.exe36996b28-4089-11e5-bf69-e006e6d72f00Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100amApp
 
Error: (08/11/2015 08:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209111c5801d0d485d0df52564294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe369bcd86-4089-11e5-bf69-e006e6d72f00microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/11/2015 08:00:05 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1928SRUJet: AppIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\WINDOWS\system32\SRU\SRUDB.dat0
 
Error: (08/11/2015 07:33:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1741523e401d0d48d6fcc93254294967295C:\WINDOWS\system32\backgroundTaskHost.exe635a8cc6-4081-11e5-bf69-e006e6d72f00Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100amApp
 
Error: (08/11/2015 07:00:46 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1928SRUJet: AppIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\WINDOWS\system32\SRU\SRUDB.dat0
 
Error: (08/11/2015 06:39:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.174151c5001d0d485d0df52564294967295C:\WINDOWS\system32\backgroundTaskHost.exec58440ae-4079-11e5-bf69-e006e6d72f00Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100amApp
 
Error: (08/11/2015 06:00:05 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1928SRUJet: AppIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\WINDOWS\system32\SRU\SRUDB.dat0
 
Error: (08/11/2015 03:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415226801d0d46ac5c9af884294967295C:\WINDOWS\system32\backgroundTaskHost.exeb946c72e-405e-11e5-bf68-e006e6d72f00Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100amApp
 
Error: (08/11/2015 03:00:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1668SRUJet: AppIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\WINDOWS\system32\SRU\SRUDB.dat0
 
Error: (08/11/2015 02:54:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415183c01d0d46681fef0474294967295C:\WINDOWS\system32\backgroundTaskHost.exe75974822-405a-11e5-bf68-e006e6d72f00Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100amApp
 
 
CodeIntegrity:
===================================
  Date: 2015-08-11 20:27:19.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:19.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:19.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:19.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:18.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:18.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:18.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:27:18.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:17:15.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 20:17:15.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3953.59 MB
Available physical RAM: 1489.58 MB
Total Virtual: 6385.59 MB
Available Virtual: 3288 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:412.67 GB) (Free:193 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7E76F41C)
 
Partition: GPT.
 
==================== End of log ============================
 
sorry forgot to attach these

Edited by growley, 11 August 2015 - 06:47 PM.

  • 0



#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign in to your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome via Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
 
Next
Please remove these programs from your Programs and Features list, Start > Control Panel > Programs and Features. In the list, find the programs listed below and uninstall them.
  • Amazon Browser App
  • Fast And Safe
    If a program will not remove, skip it.
I'll be back with further instructions. Need time to look at the log reports.

Thanks
Joe :)
  • 0

#3
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

We need to do a fix using FRST.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_433] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=493084871&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=828429982&ir=
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {9C0C99ED-1D9E-4D0C-BC8C-4946C91D810D} URL = 
C:\Users\Genna\gotomypc_635.exe
Task: {6596D513-FB7C-4615-8031-9574AAED1BF9} - System32\Tasks\UpdaterEX => C:\Users\Genna\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Genna\AppData\Roaming\UPDATE~1
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.


In your next reply, post:
  • Fixlog.txt, found on desktop after fix has run.
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)
  • 0

#4
growley


    Member

  • Topic Starter
  • Member
  • 31 posts

FYI Norton popped up saying FRST was suspicious but I clicked continue

How do I post Fixlog, will not let me paste to this box after I copy?


  • 0

#5
growley


    Member

  • Topic Starter
  • Member
  • 31 posts

When I clicked on the link for AdwCleaner it opened a sign-in page. I searched AdwCleaner and went to the CNET site but this is what it says:

 

run or save FromDocToPDF.3f2951429bbe40d9a3ace1dbb0f342ab.exe (350 KB) from ak.imgfarm.com?



#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Try to do adwCleaner from here ---Bleeping computer..

http://www.bleepingc...oad/adwcleaner/

#7
growley

  • Topic Starter
  • Member
  • 31 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Genna (2015-08-16 11:01:27) Run:1
Running from C:\Users\Genna\Desktop
Loaded Profiles: Genna & UpdatusUser (Available Profiles: Genna & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_433] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=493084871&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=828429982&ir=
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-615137952-235082984-2108559562-1001 -> {9C0C99ED-1D9E-4D0C-BC8C-4946C91D810D} URL =
C:\Users\Genna\gotomypc_635.exe
Task: {6596D513-FB7C-4615-8031-9574AAED1BF9} - System32\Tasks\UpdaterEX =>
C:\Users\Genna\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Genna\AppData\Roaming\UPDATE~1
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys =>
""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_433 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Could not restore Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C0C99ED-1D9E-4D0C-BC8C-4946C91D810D}" => key removed successfully
HKCR\CLSID\{9C0C99ED-1D9E-4D0C-BC8C-4946C91D810D} => key not found.
C:\Users\Genna\gotomypc_635.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6596D513-FB7C-4615-8031-9574AAED1BF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6596D513-FB7C-4615-8031-9574AAED1BF9}" => key removed successfully
C:\WINDOWS\System32\Tasks\UpdaterEX => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => => key not found.
"C:\Users\Genna\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION" => File/Folder not found.
C:\Users\Genna\AppData\Roaming\UPDATE~1 => moved successfully.
C:\WINDOWS\Tasks\UpdaterEX.job => moved successfully.
C:\Users\Genna\SkyDrive => ":ms-properties" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => key removed successfully
""="Driver" => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => key removed successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {FF3B3D67-5612-4E4B-8FB2-196277FE7FA2}.
Unable to cancel {62DA7BDF-BFC7-418A-9843-F823AC78915C}.
0 out of 2 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 22.2 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 11:04:48 ====



#8
growley

  • Topic Starter
  • Member
  • 31 posts

Message from Norton, zipinstall,exe is not safe and has been removed.

Should Norton still be on?



#9
growley

  • Topic Starter
  • Member
  • 31 posts

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 15:17:47
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Genna - MOMMALAPTOP
# Running from : C:\Users\Genna\AppData\Local\Microsoft\Windows\INetCache\IE\PQENB991\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 64af91bf

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\ProgramData\Fast And Safe
Folder Found : C:\ProgramData\62abe8f2696f7821
Folder Found : C:\Users\Genna\AppData\Local\globalUpdate

***** [ Files ] *****

File Found : C:\END
File Found : C:\Users\UpdatusUser\Desktop\FastPlayer.lnk

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : UpdaterEX

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\c6f82a39-37c5-5d51-6b4c-1a7336b115d7
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Key Found : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKU\.DEFAULT\Software\Microsoft\KanarCore
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\suprasavings
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Key Found : [x64] HKCU\Software\Compete
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com

*************************

C:\AdwCleaner[S1].txt - [3562 octets] - [16/08/2015 15:17:47]

########## EOF - C:\AdwCleaner[S1].txt - [3625 octets] ##########



#10
growley

  • Topic Starter
  • Member
  • 31 posts

Sorry I jumped the gun and attached the log prior to restart, here is the one that opened after restart:

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 15:27:04
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Genna - MOMMALAPTOP
# Running from : C:\Users\Genna\AppData\Local\Microsoft\Windows\INetCache\IE\PQENB991\AdwCleaner (1).exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : 64af91bf

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\ProgramData\Fast And Safe
[-] Folder Deleted : C:\ProgramData\62abe8f2696f7821
[-] Folder Deleted : C:\Users\Genna\AppData\Local\globalUpdate

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\UpdatusUser\Desktop\FastPlayer.lnk

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : UpdaterEX

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\c6f82a39-37c5-5d51-6b4c-1a7336b115d7
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\KanarCore
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\Compete
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\UpdaterEX
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
[!] Key Not Deleted : [x64] HKCU\Software\Compete
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\TutoTag
[!] Key Not Deleted : [x64] HKCU\Software\UpdaterEX
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[-] [C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Genna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [3971 octets] - [16/08/2015 15:27:04]
C:\AdwCleaner[S1].txt - [3730 octets] - [16/08/2015 15:17:47]
C:\AdwCleaner[S2].txt - [3797 octets] - [16/08/2015 15:25:37]

########## EOF - C:\AdwCleaner[C1].txt - [4160 octets] ##########




#11
growley

  • Topic Starter
  • Member
  • 31 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 8.1 x64
Ran by Genna on Sun 08/16/2015 at 15:41:13.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Users\Genna\AppData\Roaming\appdataFr2.bin

 

~~~ Folders

 

~~~ Chrome

[C:\Users\Genna\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Genna\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Genna\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Genna\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/16/2015 at 15:44:24.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I also continually get outdated Java prompts to update, I always click cancel



#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Next,
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


#13
growley

  • Topic Starter
  • Member
  • 31 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/16/2015
Scan Time: 4:06 PM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Genna

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416315
Time Elapsed: 34 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASAPI32, Quarantined, [245f0ffa2b607bbba6f4149b0400d62a],
PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASMANCS, Quarantined, [f48fd831bad1b680e3b7d4db9074c739],
PUP.Optional.DonutQuotes, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DonutQuotes, Quarantined, [681be42508833006548de8313cc7827e],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [8003f910375495a1d5b043647c8803fd],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apgjagobplilmcdfelodhgefiidomnfl, Quarantined, [c8bb34d54348241233450d39847ff20e],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [0380db2ed0bb76c02164e2c54db70ef2],
PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\donutleadsServiceCore, Quarantined, [ed96dd2c246748eef9b86cc57093d22e],
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Browsers+Apps+1.1, Quarantined, [b0d3a3668a01a98d0104d37280836b95],
PUP.Optional.VideoMediaPlayer.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\VideoMedia+Player_v2.3, Quarantined, [a3e0a8614645d2643ec458401be9619f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27A038D6-3405-4869-8531-80AFC9728474}, Quarantined, [99eafa0f9bf0f145ea00178d9272ff01],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F7E6B12-3046-4A24-8DE1-D81F5793597A}, Quarantined, [e89b60a990fb74c29d4d2f754cb8956b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8FA6FD26-8D31-4C96-86CE-2588CEBE81F0}, Quarantined, [364d50b97e0d340202e86a3ae420a957],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95AEC4FB-AD20-41C4-8E3C-57B770AFEB85}, Quarantined, [d1b2ad5c484345f1b832297bb351cc34],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B0B82E7-FAF5-4B5D-BA10-1B15CED0627A}, Quarantined, [98eb63a6bccff0468a61a9fba85cab55],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9EE875CB-ECD6-4D74-8721-A813D8C5BCEE}, Quarantined, [d7acd8314e3da5916289e8bc36cee21e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9B039BD-E19F-4353-A136-76263D6A8D8D}, Quarantined, [493ac2479af1b6808764d8cc0400a759],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB2DA8C9-2828-4BF4-94DC-427E3F706063}, Quarantined, [3e45bd4c6f1c0432bd2de0c4dd277b85],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F7915EDF-BE4B-4648-989B-23A29D564F52}, Quarantined, [117255b4fe8db680f5f601a3709455ab],

Registry Values: 12
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [8003f910375495a1d5b043647c8803fd]
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [b7cce42559322511476ae638798ac739]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [0380db2ed0bb76c02164e2c54db70ef2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27A038D6-3405-4869-8531-80AFC9728474}|AppName, 30c9d699-fc2e-4545-a144-7dcce2b5832c-2.exe-buttonutil.exe, Quarantined, [99eafa0f9bf0f145ea00178d9272ff01]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F7E6B12-3046-4A24-8DE1-D81F5793597A}|AppName, 30c9d699-fc2e-4545-a144-7dcce2b5832c-2.exe-buttonutil.exe, Quarantined, [e89b60a990fb74c29d4d2f754cb8956b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8FA6FD26-8D31-4C96-86CE-2588CEBE81F0}|AppName, b8b3e879-0421-4a88-88ab-870468bdf42b-2.exe-buttonutil.exe, Quarantined, [364d50b97e0d340202e86a3ae420a957]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95AEC4FB-AD20-41C4-8E3C-57B770AFEB85}|AppName, 30c9d699-fc2e-4545-a144-7dcce2b5832c-2.exe-buttonutil.exe, Quarantined, [d1b2ad5c484345f1b832297bb351cc34]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B0B82E7-FAF5-4B5D-BA10-1B15CED0627A}|AppName, b8b3e879-0421-4a88-88ab-870468bdf42b-2.exe-codedownloader.exe, Quarantined, [98eb63a6bccff0468a61a9fba85cab55]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9EE875CB-ECD6-4D74-8721-A813D8C5BCEE}|AppName, 30c9d699-fc2e-4545-a144-7dcce2b5832c-2.exe-codedownloader.exe, Quarantined, [d7acd8314e3da5916289e8bc36cee21e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9B039BD-E19F-4353-A136-76263D6A8D8D}|AppName, 30c9d699-fc2e-4545-a144-7dcce2b5832c-2.exe-codedownloader.exe, Quarantined, [493ac2479af1b6808764d8cc0400a759]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB2DA8C9-2828-4BF4-94DC-427E3F706063}|AppName, b8b3e879-0421-4a88-88ab-870468bdf42b-2.exe-buttonutil.exe, Quarantined, [3e45bd4c6f1c0432bd2de0c4dd277b85]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-615137952-235082984-2108559562-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F7915EDF-BE4B-4648-989B-23A29D564F52}|AppName, 30c9d699-fc2e-4545-a144-7dcce2b5832c-2.exe-codedownloader.exe, Quarantined, [117255b4fe8db680f5f601a3709455ab]

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8631A68B-558A-4E55-BA4B-5E1535483047}|NameServer, 31.168.224.100,5.135.12.56, Good: (), Bad: (31.168.224.100,5.135.12.56),Replaced,[fe8526e3078490a6b0ee6ce833d2748c]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{BC0E549A-80E7-4F25-A1B1-91216E7DDD60}|NameServer, 31.168.224.100,5.135.12.56, Good: (), Bad: (31.168.224.100,5.135.12.56),Replaced,[384b3ccd0a811d19b0eec094679e4fb1]

Folders: 3
Rogue.Multiple, C:\ProgramData\2340918229, Quarantined, [52319475107b58de867411c3d230de22],
Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [582bf7122e5d89adbc3e9341c240a65a],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [a0e36b9e5437e155f20a3d972cd66d93],

Files: 3
PUP.Optional.Conduit.A, C:\Users\Genna\Downloads\Video_Converter_TSV1WSVO.exe, Quarantined, [8ef5d8313655a492ab12040dcd34c739],
PUP.Optional.iBryte, C:\Users\Genna\Downloads\setup.exe, Quarantined, [cdb638d1afdc63d3d1a22efdf60a9c64],
PUP.Optional.DonutQuotes, C:\Windows\System32\Tasks\DonutQuotes, Quarantined, [e69d5dacd7b440f6468e999bd82b7888],

Physical Sectors: 0
(No malicious items detected)

(end)



#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Lots of junk removed so far.

Tell me what issues remain and what browser.

Thanks
Joe

#15
growley

  • Topic Starter
  • Member
  • 31 posts

Boxes that popped up:

Application Launcher for Drive (by Google) added

Another program on your computer added an extension that may change the way Chrome works

It can:

Communicate with cooperating native applications

Communicate with cooperating websites

Enable or Remove

 

Norton Security Toolbar added

Another program on your computer added an extension that may change the way Chrome works

It can:

Read and change your browsing history

Read and change all your data on the websites you visit

Manage your apps., extensions and themes

Communicate with cooperating native applications

Enable or Remove

 

Also tab across top:

Google Chrome isn't your default browser

set or don't ask again

 

Still have some ads on the sides of websites

 

Explorer opens to Google but depending on where I search, sometimes Bing

 

Tab on bottom:

Speed up browsing by disabling add-ons

Choose add-ons or Ask

 

Don't know if javascript is still telling me I am out of date, not sure what makes that pop up

 

What else can I check?

