Comodo found the Heur.Corrupt threat located in C:\Windows\System32|DriverStore\en-US\bcmfn.ing_loc
I need advice on removal or whatever is the best course of action.
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Wally (administrator) on WALLY_OFFICE (29-01-2016 14:32:46)
Running from C:\Users\Wally\Desktop
Loaded Profiles: Wally (Available Profiles: Wally & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\n360.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(COMODO) C:\ZZZ\CCE\CCE.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Users\Wally\AppData\Local\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\vdeck.exe [2243584 2009-07-28] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72736 2016-01-18] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985056 2016-01-18] (Prosoftnet)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [Spotify Web Helper] => C:\Users\Wally\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-27] (Spotify Ltd)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [join.me.launcher] => C:\Users\Wally\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Wally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2015-10-22]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{329f6fe0-f89c-4917-8c6a-1171e2c847e8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://finance.yahoo.com/
hxxp://nria.net/
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-26] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-26] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Wally\AppData\Roaming\Mozilla\Firefox\Profiles\n2umwrkm.default
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10082_campaign_141219__yaff
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_wcyid10082_campaign_141219__yaff
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141040,20030,0,100,0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File]
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-07-26] ( )
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Wally\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF Plugin ProgramFiles/Appdata: C:\Users\Wally\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Extension: Yahoo! Toolbar - C:\Users\Wally\AppData\Roaming\Mozilla\Firefox\Profiles\n2umwrkm.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-02-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [
[email protected]] - C:\Program Files (x86)\DS Development\Email Address Collector\ThunderbirdExtension
FF Extension: Email Address Collector connector - C:\Program Files (x86)\DS Development\Email Address Collector\ThunderbirdExtension [2015-02-28] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__
CHR StartupUrls: Default -> "hxxp://www.msn.com/","hxxp://www.finance.yahoo.com/","hxxp://www.cnbc.com/"
CHR DefaultSearchURL: Default -> hxxp://vinstaller.com/kmsx/ysearch.html?hspart=w3i&fr=w3i&p={searchTerms}&type=__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://vinstaller.com/kmsx/ysuggest.html?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-02-27]
CHR Extension: (Google Drive) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (McAfee Security Scan+) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-20]
CHR Extension: (Norton Security Toolbar) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-07]
CHR Extension: (Google Search) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-29]
CHR Extension: (Google Maps) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpiocdhdmnglomggfjkkonjjfahnom [2014-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-15]
CHR Extension: (Gmail) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154656 2016-01-18] (Prosoftnet)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [216080 2012-07-26] (Nitro PDF Software)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [15552 2012-11-08] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001_716\BHDrvx64.sys [1665608 2016-01-25] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20160128.001\IDSvia64.sys [767224 2016-01-27] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20160129.001\ENG64.SYS [138488 2016-01-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20160129.001\EX64.SYS [2148080 2016-01-27] (Symantec Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 RemotePCHelpDesk; C:\Windows\system32\DRIVERS\RemotePCHelpDesk.sys [13120 2012-10-05] (Pro Softnet Crop provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 14:32 - 2016-01-29 14:33 - 00025767 _____ C:\Users\Wally\Desktop\FRST.txt
2016-01-29 14:32 - 2016-01-29 14:32 - 00000000 ____D C:\FRST
2016-01-29 14:31 - 2016-01-29 14:32 - 02370560 _____ (Farbar) C:\Users\Wally\Desktop\FRST64.exe
2016-01-29 13:42 - 2016-01-29 13:42 - 00000768 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2016-01-29 12:32 - 2016-01-29 12:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Identity Safe
2016-01-29 10:57 - 2016-01-29 10:59 - 00076120 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_10.57.36_log.txt
2016-01-29 10:56 - 2016-01-29 10:56 - 25543261 _____ C:\Users\Wally\Desktop\cce_2.5.242177.201_x64.zip
2016-01-29 08:37 - 2016-01-29 08:37 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Wally\Desktop\tdsskiller.exe
2016-01-29 08:37 - 2016-01-29 08:37 - 00004490 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_08.37.30_log.txt
2016-01-28 15:17 - 2016-01-28 15:17 - 00001889 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-28 15:17 - 2016-01-28 15:17 - 00000000 ____D C:\Users\Wally\AppData\Roaming\SUPERAntiSpyware.com
2016-01-28 15:17 - 2016-01-28 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-28 15:16 - 2016-01-28 15:16 - 24553296 _____ (SUPERAntiSpyware) C:\Users\Wally\Desktop\SUPERAntiSpyware.exe
2016-01-28 13:49 - 2016-01-28 14:32 - 00000000 ____D C:\EEK
2016-01-28 13:48 - 2016-01-28 13:48 - 210336376 _____ C:\Users\Wally\Desktop\EmsisoftEmergencyKit.exe
2016-01-28 09:49 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:49 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:49 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 09:49 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 09:49 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 09:48 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 09:48 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 09:48 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 09:48 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 09:48 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 09:48 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 09:48 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 09:48 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 09:48 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 09:48 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 09:48 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 09:48 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 09:48 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 09:48 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 09:48 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 09:48 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 09:48 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 09:48 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 09:48 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 09:48 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 09:48 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 09:48 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 09:48 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 09:48 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 09:48 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 09:48 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 09:48 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 09:48 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 09:48 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 09:48 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 09:48 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 09:48 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 09:48 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 09:48 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 09:48 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 09:48 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 09:48 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 09:48 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 09:48 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 09:48 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 09:48 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 09:48 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 09:48 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 09:48 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 09:48 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 09:48 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 09:48 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 09:48 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 09:48 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 09:48 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 09:48 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 09:48 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 09:48 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 09:48 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 09:48 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 09:48 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 09:48 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 09:48 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 09:48 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 09:48 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 09:48 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 09:48 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 09:48 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 09:48 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 09:48 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 09:48 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 09:48 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 09:48 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 09:48 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 09:48 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 09:48 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 09:48 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 09:48 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 09:48 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 09:48 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 09:48 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 09:48 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 09:48 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 09:48 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 09:48 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 09:48 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 09:48 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 09:48 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 09:48 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 09:48 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 09:48 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 09:48 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 09:48 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 09:48 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 09:48 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 09:48 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 09:48 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 09:48 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 09:48 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 09:48 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 09:48 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 09:48 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 09:48 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 09:48 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 09:48 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 09:48 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 09:48 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 09:48 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 09:48 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 09:48 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 09:48 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 09:48 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 09:48 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 09:48 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 09:48 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 09:48 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 09:48 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 09:48 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 09:48 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 09:48 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 09:48 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 09:48 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 09:48 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 09:48 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-28 08:16 - 2016-01-28 08:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-01-27 17:21 - 2016-01-27 17:21 - 00014809 _____ C:\Users\Wally\Desktop\ad11adqp-1.pdf
2016-01-27 17:20 - 2016-01-27 17:20 - 00014807 _____ C:\Users\Wally\Desktop\ad11adqp.pdf
2016-01-27 16:32 - 2016-01-27 16:44 - 00498024 _____ C:\Users\Wally\Desktop\BASE App.pdf
2016-01-27 09:30 - 2016-01-27 09:30 - 00025088 _____ C:\Users\Wally\Desktop\qcheck2015.xls
2016-01-27 09:16 - 2016-01-27 09:23 - 00003289 _____ C:\Users\Wally\Desktop\qcheck2015.TXT
2016-01-25 15:12 - 2015-12-30 14:20 - 07549473 _____ C:\Users\Wally\Desktop\DebtManagementApp.pdf
2016-01-25 10:04 - 2016-01-25 10:04 - 00000298 _____ C:\Users\Wally\Desktop\xxxexportemail.txt
2016-01-24 12:00 - 2016-01-24 12:01 - 05243562 _____ C:\Users\Wally\Downloads\SampleBusinessCreditReport.zip
2016-01-24 10:35 - 2016-01-28 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-22 17:17 - 2016-01-22 17:17 - 00022424 _____ C:\Users\Wally\Desktop\Tucker Albin Associates Letter.pdf
2016-01-22 17:17 - 2016-01-22 17:17 - 00020905 _____ C:\Users\Wally\Desktop\PDL Recovery Letter.pdf
2016-01-21 16:04 - 2016-01-21 16:04 - 00288623 _____ C:\Users\Wally\Downloads\116382244.pdf
2016-01-20 11:10 - 2016-01-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2016-01-20 11:10 - 2016-01-20 11:10 - 00001249 _____ C:\Users\Public\Desktop\IDrive.lnk
2016-01-20 11:10 - 2015-11-25 13:03 - 00533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2016-01-20 11:10 - 2015-11-25 13:03 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2016-01-15 12:54 - 2016-01-15 12:54 - 00023040 _____ C:\Users\Wally\Downloads\bank-routing (1).xls
2016-01-15 12:53 - 2016-01-15 12:53 - 00023040 _____ C:\Users\Wally\Downloads\bank-routing.xls
2016-01-15 10:59 - 2016-01-15 10:59 - 03023349 _____ C:\Users\Wally\Desktop\FedACHdir.txt
2016-01-15 09:31 - 2016-01-15 09:31 - 00683965 _____ C:\Users\Wally\Downloads\01-14-2016.pdf
2016-01-15 07:51 - 2016-01-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-15 07:51 - 2016-01-15 07:51 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-15 07:51 - 2016-01-15 07:51 - 00000903 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-15 07:51 - 2016-01-15 07:51 - 00000000 ____D C:\Program Files\CCleaner
2016-01-15 07:50 - 2016-01-15 07:50 - 06805328 _____ (Piriform Ltd) C:\Users\Wally\Downloads\ccsetup513.exe
2016-01-15 07:46 - 2016-01-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-01-15 07:46 - 2016-01-15 07:46 - 00002049 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-01-14 10:24 - 2016-01-14 10:24 - 00301687 _____ C:\Users\Wally\Desktop\Srbu-prt-un16011408020.pdf
2016-01-14 09:51 - 2016-01-14 09:51 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (22).exe
2016-01-13 15:49 - 2016-01-21 16:34 - 00020132 _____ C:\Users\Wally\Desktop\cashflow2015.xlsx
2016-01-13 08:35 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 08:35 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 08:35 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 08:35 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 08:35 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 08:35 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 08:35 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 08:35 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 08:35 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 08:35 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 08:35 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 08:35 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 08:35 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 08:35 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 08:35 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 08:35 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 08:35 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 08:35 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 08:35 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 08:35 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 08:35 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 08:35 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 08:35 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 08:35 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 08:35 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 08:35 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 08:35 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 08:35 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 08:35 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 08:35 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 08:35 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 08:35 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 08:35 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 08:35 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 08:35 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 08:35 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 08:35 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 08:35 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 08:35 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 08:35 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 08:35 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 08:35 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 08:35 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 08:35 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 08:35 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 08:35 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 08:35 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 08:35 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 08:35 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 08:35 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 08:35 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 08:35 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 08:35 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 08:35 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 08:35 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 08:35 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 08:35 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 08:35 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 08:35 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 08:35 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 08:35 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 08:35 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 08:35 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 08:35 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 08:35 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 08:35 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 08:35 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 08:35 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 08:35 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 08:35 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 08:35 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 08:35 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 08:35 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 07:57 - 2016-01-13 07:57 - 00198327 _____ C:\Users\Wally\Desktop\OccidentalApp3Pgs.pdf
2016-01-12 13:38 - 2016-01-12 13:38 - 00348995 _____ C:\Users\Wally\Desktop\Occidental MPA 121815.pdf
2016-01-12 11:05 - 2016-01-12 11:53 - 00000000 ____D C:\Users\Wally\AppData\Local\Blue Jeans
2016-01-12 11:05 - 2016-01-12 11:05 - 00000000 ____D C:\Users\Wally\AppData\LocalLow\Blue Jeans
2016-01-12 08:07 - 2016-01-12 08:07 - 00682812 _____ C:\Users\Wally\Downloads\12-14-2015 (1).pdf
2016-01-10 09:08 - 2016-01-10 09:08 - 05299712 _____ C:\Users\Wally\Downloads\ZohoAssist.msi
2016-01-09 09:52 - 2016-01-09 09:52 - 00112023 _____ C:\Users\Wally\Desktop\PDLRecovery.pdf
2016-01-08 14:30 - 2016-01-28 10:25 - 00000000 ____D C:\Users\Wally\AppData\Local\Mozilla Thunderbird
2016-01-07 16:23 - 2016-01-07 16:23 - 00577728 _____ (Zoho) C:\Users\Wally\Downloads\UnattendedClient.exe
2016-01-07 13:05 - 2016-01-12 12:31 - 00000000 ____D C:\Users\Wally\AppData\Local\ZohoMeeting
2016-01-07 13:05 - 2016-01-07 13:05 - 00577728 _____ (Zoho) C:\Users\Wally\Downloads\Join.exe
2016-01-07 13:05 - 2016-01-07 13:05 - 00000000 ____D C:\Program Files (x86)\ZohoMeeting
2016-01-07 12:28 - 2016-01-07 12:28 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (8).exe
2016-01-07 12:10 - 2016-01-07 12:10 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (7).exe
2016-01-06 11:04 - 2016-01-06 11:04 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (21).exe
2016-01-06 11:04 - 2016-01-06 11:04 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (20).exe
2016-01-06 10:56 - 2016-01-06 10:56 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (6).exe
2016-01-05 07:51 - 2016-01-05 08:00 - 00000000 ____D C:\Users\Wally\AppData\LocalLow\WebEx
2016-01-05 07:51 - 2016-01-05 07:52 - 00000000 ____D C:\ProgramData\WebEx
2016-01-05 07:51 - 2016-01-05 07:51 - 00318383 _____ C:\Users\Wally\AppData\LocalLow\Pre96EC.tmp
2016-01-05 07:51 - 2016-01-05 07:51 - 00300792 _____ (Cisco WebEx LLC) C:\Users\Wally\Downloads\X19fbWVldGluZ3NfMzkzODMyNjE2Ml9YOE9QWUJZSzhZQ0JQSDVWRjRUMVZQWE5WNl9XQlgxMV9l_webex.exe
2016-01-05 07:51 - 2016-01-05 07:51 - 00297645 _____ C:\Users\Wally\AppData\LocalLow\Pre9351.tmp
2016-01-05 07:51 - 2016-01-05 07:51 - 00142137 _____ C:\Users\Wally\AppData\LocalLow\Pre90BF.tmp
2016-01-04 16:56 - 2016-01-04 16:56 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (19).exe
2016-01-04 16:55 - 2016-01-04 16:55 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (18).exe
2016-01-04 16:50 - 2016-01-04 16:50 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (17).exe
2016-01-04 16:48 - 2016-01-04 16:48 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (16).exe
2016-01-04 16:46 - 2016-01-04 16:47 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (15).exe
2016-01-04 16:26 - 2016-01-04 16:26 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (14).exe
2016-01-04 16:26 - 2016-01-04 16:26 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (13).exe
2016-01-04 15:03 - 2016-01-04 15:03 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (5).exe
2016-01-04 14:21 - 2016-01-04 14:21 - 00003254 _____ C:\WINDOWS\System32\Tasks\{34D3AB12-8046-4169-BCED-3C2AD50881F1}
2016-01-04 12:21 - 2016-01-04 12:21 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (12).exe
2016-01-04 12:13 - 2016-01-04 12:13 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles (3).exe
2016-01-04 12:10 - 2016-01-04 12:10 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (11).exe
2016-01-04 11:50 - 2016-01-04 11:50 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (4).exe
2016-01-04 10:32 - 2016-01-04 10:32 - 03148994 _____ C:\Users\Wally\Downloads\QCheckExpireFix (1).exe
2016-01-04 08:18 - 2016-01-04 08:18 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (10).exe
2016-01-03 11:18 - 2016-01-03 11:18 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (3).exe
2016-01-03 11:17 - 2016-01-03 11:17 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (2).exe
2016-01-03 11:03 - 2016-01-03 11:03 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (1).exe
2016-01-03 10:24 - 2016-01-03 10:24 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles (2).exe
2016-01-03 10:18 - 2016-01-03 10:18 - 00025178 _____ C:\Users\Wally\Documents\list.xlsx
2016-01-03 10:16 - 2016-01-03 10:16 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles (1).exe
2016-01-03 10:07 - 2016-01-03 10:07 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles.exe
2016-01-03 09:12 - 2016-01-03 09:12 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (9).exe
2016-01-03 08:49 - 2016-01-03 08:49 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (8).exe
2016-01-03 08:47 - 2016-01-03 08:47 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (7).exe
2016-01-02 16:35 - 2016-01-02 16:35 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (6).exe
2016-01-02 16:31 - 2016-01-02 16:31 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (5).exe
2016-01-02 15:06 - 2016-01-02 15:06 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (4).exe
2016-01-02 14:59 - 2016-01-02 15:00 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (3).exe
2016-01-02 14:58 - 2016-01-02 14:58 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (2).exe
2016-01-02 14:55 - 2016-01-02 14:55 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck2015Update (1).exe
2016-01-02 14:46 - 2016-01-02 14:46 - 03148994 _____ C:\Users\Wally\Downloads\QCheckExpireFix.exe
2016-01-02 11:02 - 2016-01-02 11:02 - 00000000 ____D C:\Users\Wally\AppData\Roaming\join.me
2016-01-02 10:58 - 2016-01-02 11:01 - 21883392 _____ C:\Users\Wally\Downloads\join.me.msi
2016-01-02 10:04 - 2016-01-02 10:05 - 04165073 _____ C:\Users\Wally\Downloads\QCheckUpdateEBSSoftware (1).exe
2016-01-02 10:04 - 2016-01-02 10:04 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (1).exe
2016-01-02 10:02 - 2016-01-02 10:02 - 04165073 _____ C:\Users\Wally\Downloads\QCheckUpdateEBSSoftware.exe
2016-01-02 10:00 - 2016-01-02 10:01 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck.exe
2016-01-02 09:54 - 2016-01-02 09:54 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck2015Update.exe
2016-01-02 09:27 - 2016-01-02 09:27 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck_Repair (2).exe
2016-01-02 09:07 - 2016-01-02 09:07 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck_Repair (4).exe
2016-01-02 09:06 - 2016-01-02 09:06 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck_Repair (3).exe
2015-12-31 12:26 - 2016-01-13 15:55 - 00001665 _____ C:\Users\Public\Desktop\Q~Check.lnk
2015-12-30 11:37 - 2015-12-30 11:37 - 00029650 _____ C:\Users\Wally\Downloads\Single-or-Recurring-Invoice-Charge-Authorization.docx
2015-12-30 10:35 - 2015-12-30 10:35 - 03760672 _____ (Screenleap, Inc.) C:\Users\Wally\Downloads\ScreenleapInst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 14:06 - 2015-12-01 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-01-29 13:58 - 2012-08-30 16:02 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 13:57 - 2015-12-02 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 13:57 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-29 13:47 - 2012-08-31 00:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-29 13:33 - 2012-08-31 11:17 - 00000000 ____D C:\@Q~Check Verify Client Load
2016-01-29 12:46 - 2012-08-30 16:02 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 12:21 - 2015-06-15 11:17 - 00000000 ____D C:\ProgramData\IDrive
2016-01-29 11:55 - 2014-01-09 09:37 - 00002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 11:09 - 2015-02-18 12:32 - 00000000 ____D C:\ZZZ
2016-01-29 10:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-29 08:38 - 2015-12-02 12:13 - 00000000 ____D C:\Users\Wally
2016-01-29 08:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 08:23 - 2015-08-29 10:13 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{96EF3B55-7427-446B-BB87-4588D105ADA6}
2016-01-28 16:31 - 2015-12-02 12:12 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-28 16:31 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-28 15:28 - 2012-09-02 14:16 - 00000000 ____D C:\EFTPC
2016-01-28 15:17 - 2015-06-25 09:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-28 14:23 - 2015-08-29 09:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-28 14:22 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 13:44 - 2015-01-23 11:43 - 00000000 ____D C:\Q~Check
2016-01-28 10:20 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-28 08:22 - 2014-12-24 08:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-28 08:17 - 2015-12-23 11:50 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2016-01-28 08:14 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-28 08:07 - 2012-09-05 12:09 - 00000000 ____D C:\Users\Wally\AppData\Roaming\IrfanView
2016-01-28 08:07 - 2012-08-30 17:22 - 00000000 ____D C:\ProgramData\Norton
2016-01-28 08:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2016-01-27 17:21 - 2012-09-04 10:41 - 00000000 ____D C:\Users\Wally\AppData\Roaming\PrimoPDF
2016-01-27 12:43 - 2015-12-02 14:01 - 00000000 ____D C:\Users\Wally\AppData\Local\Deployment
2016-01-25 11:04 - 2012-11-11 08:15 - 00000000 ____D C:\Users\Wally\Documents\MailStore Home
2016-01-25 11:04 - 2012-11-11 08:15 - 00000000 ____D C:\ProgramData\firebird
2016-01-22 14:18 - 2015-09-23 15:21 - 00000000 ____D C:\Stocks
2016-01-22 13:49 - 2012-08-31 11:51 - 00000000 ____D C:\@Backups
2016-01-22 12:27 - 2012-08-31 12:00 - 00000000 ____D C:\QInvoice
2016-01-20 11:10 - 2015-06-15 11:17 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2016-01-18 08:20 - 2012-09-01 08:53 - 00000000 ____D C:\@Webs Q~Check
2016-01-17 09:37 - 2012-09-01 07:29 - 00000000 ____D C:\Users\Wally\AppData\Roaming\FileZilla
2016-01-17 09:36 - 2012-09-01 07:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-01-17 09:36 - 2012-09-01 07:29 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-01-15 12:49 - 2012-09-01 08:41 - 00000000 ____D C:\@Q~Check Platinum
2016-01-15 10:06 - 2014-01-19 10:34 - 00000000 ____D C:\Users\Wally\AppData\Local\Spotify
2016-01-15 10:05 - 2014-01-19 10:33 - 00000000 ____D C:\Users\Wally\AppData\Roaming\Spotify
2016-01-15 07:53 - 2015-03-01 09:04 - 00000000 ____D C:\Users\Wally\AppData\Local\Packages
2016-01-15 07:46 - 2014-02-11 13:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-01-15 07:46 - 2009-07-13 21:34 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-01-14 15:11 - 2013-06-18 13:49 - 00000000 ____D C:\Program Files (x86)\FollowUpExpert_NEW
2016-01-13 09:33 - 2013-07-20 02:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 09:22 - 2012-09-01 07:27 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-10 10:05 - 2014-11-10 10:11 - 00000000 ____D C:\Home Files
2016-01-07 12:28 - 2012-12-05 08:49 - 00001095 _____ C:\Users\Wally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-01-07 12:28 - 2012-12-05 08:49 - 00001087 _____ C:\Users\Wally\Desktop\join.me.lnk
2016-01-07 12:28 - 2012-12-05 08:49 - 00000000 ____D C:\Users\Wally\AppData\Local\join.me
2016-01-07 08:38 - 2014-05-09 14:34 - 00000000 ____D C:\@Q~Check Update
2016-01-05 13:52 - 2013-06-20 09:51 - 00000000 ____D C:\Downloads Save
2016-01-05 08:00 - 2015-01-17 11:58 - 00000000 ____D C:\Users\Wally\AppData\Roaming\webex
2016-01-04 11:08 - 2012-08-30 14:55 - 00051848 _____ C:\Users\Wally\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 10:11 - 2015-12-02 12:04 - 00292768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2014-10-16 16:24 - 2014-10-16 16:24 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-04-05 07:42 - 2014-09-15 10:06 - 0000096 _____ () C:\Users\Wally\AppData\Roaming\Camdata.ini
2013-04-05 07:42 - 2014-09-15 10:06 - 0000408 _____ () C:\Users\Wally\AppData\Roaming\CamLayout.ini
2013-04-05 07:42 - 2014-09-15 10:06 - 0000408 _____ () C:\Users\Wally\AppData\Roaming\CamShapes.ini
2013-04-05 07:22 - 2014-09-15 10:06 - 0004509 _____ () C:\Users\Wally\AppData\Roaming\CamStudio.cfg
2013-04-05 07:28 - 2013-08-20 09:40 - 0000000 _____ () C:\Users\Wally\AppData\Roaming\CamStudio.Producer.Data.ini
2013-04-05 07:28 - 2013-08-20 09:40 - 0001206 _____ () C:\Users\Wally\AppData\Roaming\CamStudio.Producer.ini
2012-09-05 16:11 - 2014-04-21 17:44 - 1101110 _____ () C:\Users\Wally\AppData\Roaming\wallyb.zip
2014-02-11 11:35 - 2014-03-01 18:31 - 0106780 _____ () C:\Users\Wally\AppData\Local\ars.cache
2014-02-11 11:35 - 2014-03-01 18:31 - 0316962 _____ () C:\Users\Wally\AppData\Local\census.cache
2014-02-11 08:54 - 2014-02-11 08:54 - 0000036 _____ () C:\Users\Wally\AppData\Local\housecall.guid.cache
2014-02-11 08:59 - 2014-03-01 16:22 - 0000010 _____ () C:\Users\Wally\AppData\Local\sponge.last.runtime.cache
2015-04-06 14:07 - 2015-04-06 14:07 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-28 13:13
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Wally (2016-01-29 14:33:54)
Running from C:\Users\Wally\Desktop
Windows 10 Home (X64) (2015-12-02 17:41:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1830817234-4242773262-1291581639-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1830817234-4242773262-1291581639-503 - Limited - Disabled)
Guest (S-1-5-21-1830817234-4242773262-1291581639-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1830817234-4242773262-1291581639-1008 - Limited - Enabled)
Wally (S-1-5-21-1830817234-4242773262-1291581639-1000 - Administrator - Enabled) => C:\Users\Wally
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0614.2130 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
EFT for Windows - PC (HKLM-x32\...\{64B9066E-B875-437C-9449-C5294E2F640F}) (Version: 5.0.17 - ETT Consulting)
EFT Network Bill Printer (HKLM-x32\...\{30CDDA59-AF24-4A6E-9074-ABBAA50D91A9}) (Version: 1.0.0.0 - EFT Network, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Email Address Collector (HKLM-x32\...\{FB25F780-AA76-4479-BDEE-032CE9A9DE18}) (Version: 6.0.190 - DS Development)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fidelity Active Trader Pro® (HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\b5fb46aa4436cce0) (Version: 10.6.445.0 - Fidelity Investments)
Fidelity Active Trader Pro® (x32 Version: 10.3.1571.0 - Fidelity Investments) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FollowUpExpert 4.5 Personal (HKLM-x32\...\FollowUpExpert_is1) (Version: 4.5 Personal - Xtreeme)
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
join.me (HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\JoinMe) (Version: 2.11.0.1717 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Kinovea (HKLM-x32\...\Kinovea) (Version: 0.8.15 - Kinovea)
Kutools for Excel 7.5.5.0 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: - Detong)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft FrontPage 2000 (HKLM-x32\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Games for Windows 8 x64 (HKLM\...\{B6047A78-062F-4C6F-A82D-B94DAF72FB73}) (Version: 1.2 - Microsoft)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-US) (HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetStudio 1.0 (HKLM-x32\...\NetStudio 1.0) (Version: - )
Nitro Reader 2 (HKLM\...\{6525B44C-36F1-433F-A465-710E9D544389}) (Version: 2.5.0.36 - Nitro PDF Software)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Open PLS in Windows Media Player 2.3.0 (HKLM-x32\...\{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1) (Version: 2.3 - Jon Galloway)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.2 - Panda Security)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Q~Check (HKLM-x32\...\{69F66DC9-806D-4EF0-8330-20AE733E670B}) (Version: 3.1.2.10 - Q~Check)
Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Quicken 2004 (x32 Version: 13.00.0000 - Intuit) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Sansa Updater (HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.15.0 - Seagate)
Simple CSS 2.1 (HKLM-x32\...\{0379CF3E-BED6-474C-AE96-D07E8D7763AC}_is1) (Version: - HostM.com Web Hosting)
Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Spotify (HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Stylizer 6 (HKLM-x32\...\Skybound Stylizer 6) (Version: 6 - Skybound Research Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebViewer Plugin (HKLM-x32\...\InstallShield_{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.04 - Samsung Techwin Co., Ltd.)
WebViewer Plugin (x32 Version: 2.1.0.04 - Samsung Techwin Co., Ltd.) Hidden
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip (HKLM-x32\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.)
Zoho Assist (HKLM-x32\...\Zoho Assist) (Version: 11.0.1.39 - Zoho Corp Pvt Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Wally\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0269ADB3-A243-4A1E-BF4C-671567FE99E2} - System32\Tasks\Wally DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-11-08] (Seagate Technology LLC)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {114600DF-CBB7-4183-B245-CECCA0829D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {19774FB7-1BAB-49F3-8C64-24C084A94231} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1E06D6AD-BDB1-4953-A84F-8F0886A5303A} - System32\Tasks\Mozilla Thunderbird Back UP => C:\Program Files (x86)\MozBackup\MozBackup.exe [2011-03-29] ()
Task: {1E6A8A01-9E83-4B11-9480-383A347F5DCA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1FFDCD61-8D4F-4510-AFD9-69506A0973F9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {20D5C812-AE4C-41E0-8A19-616585D17B1D} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {2314E0A8-5B30-41E1-AAE4-DA662C01E3AC} - System32\Tasks\{D9305164-923A-43F0-935C-B8009E4D3056} => C:\Program Files (x86)\CamStudio 2.7\Recorder.exe [2013-01-16] (CamStudio Group)
Task: {25A7E465-D945-42EC-8CC6-E37B94C9B3AC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2C56486D-F36B-4FCD-B9BA-63C82DC4985F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {30E2C1A0-C96A-4CDF-9E7A-BAFFF3C7B58F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {335B8F69-1E65-4840-9963-2D90626AC7C7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {33EEBFB9-61A6-4910-84F8-F7FA8A2E2E7B} - System32\Tasks\AdobeAAMUpdater-1.0-Wally_Office-Wally => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {3F8D9491-499B-426E-87FD-283C5C095163} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {467038AF-D565-4971-ABBF-65D263948BA8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {482AB784-EE06-4289-9AD5-C14FF867AA89} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {4AB6EEE3-ED17-4DD1-B2AA-3376DEF2E654} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51CA6164-54CF-4F89-BF13-7B7C6E790713} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {5BF6C59C-5FB5-457C-9B7F-F3A87D069C8D} - System32\Tasks\{3E57C3C1-8E76-4159-90BB-4AF04C7F4EE3} => C:\Program Files (x86)\CamStudio 2.7\Recorder.exe [2013-01-16] (CamStudio Group)
Task: {5C6BCCF9-F53D-43C6-B626-3FBC8B5306A1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {64E0CA4B-82D0-49C2-9D0F-98CB14CABF04} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6B14569C-AD73-4172-B56F-1972064977B9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6B2738AA-7F6B-41C7-9931-F122B25A32C5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7150B223-F8DA-48F0-947F-8DABF4BD8BDD} - System32\Tasks\Wally Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {7209A559-A53E-497D-98A3-02C6E8307BC7} - System32\Tasks\{DB7FD5F9-5013-4E55-8FA9-93C69335DC21} => pcalua.exe -a C:\Users\Wally\Downloads\MozBackup-1.5.1-EN.exe -d C:\Users\Wally\Downloads
Task: {757BE5C8-4AFF-4B3C-9B2B-2AE5ED4068D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {787A5B11-A336-465D-A225-B8CEFA566F48} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7C0F8A3A-4208-45BB-88E8-587A94CA4648} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {8551CF4E-28AA-46D4-AAD3-E84653CE3097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {869942E9-5840-427D-AD86-52F8ED0CC2D4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {896CB57B-8D46-4BB3-AFAC-1D241B12903E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {930632E5-20CC-413F-ADB5-5A0962C7C5DC} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {951CC03A-6898-4CA0-B1A5-2A7E53E1E449} - System32\Tasks\Wally => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {96E5714A-9C22-4378-96ED-BE145A097907} - System32\Tasks\{08044923-4F15-4F1B-905C-A49F752F3A2D} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {98AEE5DD-58B4-46B6-9F25-E518E75E37C9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {99E1678D-162B-4543-B687-7C381C790B67} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9C17AC84-F6E3-4DD8-8AFA-5CB0A66345BF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A0A144D5-8C87-4BF8-9E0D-02CF3BD58401} - System32\Tasks\{7010CEC6-BDD9-4F31-AF13-1F29D3FEE440} => pcalua.exe -a "C:\Users\Wally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T715A5JQ\EFT57PC.exe" -d C:\Users\Wally\Desktop
Task: {A0E477D3-1C30-4120-9E6A-4A5DFD7599B3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A515CB0D-94ED-416E-8E97-6B59DB7741BC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {ADB774C0-F853-4C96-A5A9-2ED49072DFC2} - System32\Tasks\Wally1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {ADD3C6EB-6155-4D0C-80D5-EC82FD41A6F4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AEC04DA0-02C2-4373-A06D-A8D793DF46A1} - System32\Tasks\{34D3AB12-8046-4169-BCED-3C2AD50881F1} => pcalua.exe -a C:\Q~Check\QCheckRun.exe -d C:\Users\Wally\Desktop
Task: {B89BA16B-A3C7-48F8-96C3-0CC3AD7CE7B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {BE7CFCB5-D29A-4740-99AF-F0E96290FBE1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {BF7AD5C1-C4EF-45D8-AAD2-A883779CA0C0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {C1AC5D99-219D-4EEE-A77E-B33DEB84B4DF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C4F1E673-983C-441B-B442-F298C0C42ACE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFA1A785-CFEA-4292-AE03-A16641BDEF84} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D1B316E0-1D24-4D09-B6FA-0B595090F755} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D46EA7BD-4C2F-45AD-8607-C1BB8749D757} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D857C456-111D-4D24-9CCC-036B6A38BA57} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {DA4487C9-33AF-4292-A882-BFE7BA5DB962} - System32\Tasks\Wally1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {E0CD07F0-E173-4C96-82BE-0A00534A6956} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E1FF1F1B-5673-4D98-A690-02F203BF6C4D} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {E74A8753-B487-45D8-99B9-F33B9CFAAE40} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E776A1C5-EC39-43C1-9C9E-C935A662AF19} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {E92E4843-42DE-46E4-937F-838969081CD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EECA74BB-F60E-4254-8E57-94A68207EC62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F16DEA5B-298A-4968-89BC-26C124EC6E1E} - System32\Tasks\HPCustPartic.exe_{26C9BFC3-B518-476F-B9AD-7547865D94D2} => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {F2DD591C-2780-4E70-973E-3A2B4493CD40} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F92B87ED-FAAF-401E-A681-8C1964227A34} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.freephonetracer.com\http_80\Phone Number Trace and Reverse Cell Phone Lookup.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.freephonetracer.com/FCPT.aspx?_act=RunASearch&sou=2&cam=3409&gclid=CKLWqc7pqbQCFQSf4AodNlkA-A
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-09-04 08:04 - 2011-02-28 17:37 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2015-12-03 09:06 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 09:06 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-20 11:10 - 2015-11-25 13:03 - 00601600 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-12-18 08:15 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 08:15 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 08:35 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 08:35 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:48 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:48 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-20 11:10 - 2015-11-25 13:03 - 00412672 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2012-07-09 02:46 - 2016-01-29 11:09 - 00271280 _____ () C:\ZZZ\CCE\themes\CCE.THEME
2012-07-09 02:46 - 2016-01-29 11:09 - 00075184 _____ () C:\ZZZ\CCE\scanners\smart.cav
2016-01-20 11:10 - 2016-01-18 16:27 - 00043520 _____ () C:\Program Files (x86)\IDriveWindows\RemoteManagement.dll
2016-01-20 11:10 - 2016-01-18 16:27 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
2016-01-20 11:10 - 2015-11-25 13:03 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2016-01-21 21:07 - 2016-01-21 21:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 21:07 - 2016-01-21 21:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 21:07 - 2016-01-21 21:07 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-01-21 21:07 - 2016-01-21 21:07 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-01-21 21:07 - 2016-01-21 21:07 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2016-01-21 21:07 - 2016-01-21 21:08 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-29 11:50 - 2016-01-27 12:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 11:50 - 2016-01-27 12:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2016-01-08 14:30 - 2016-01-08 14:30 - 00153032 _____ () C:\Users\Wally\AppData\Local\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-08 14:30 - 2016-01-08 14:30 - 00022472 _____ () C:\Users\Wally\AppData\Local\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:F8AF2BB9
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\driversupport.com -> hxxps://apps.driversupport.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-01-29 13:49 - 2016-01-29 13:49 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wally\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CrashPlan Tray.lnk => C:\Windows\pss\CrashPlan Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk => C:\Windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\Wally\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Wally\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\StartupApproved\Run: => "join.me.launcher"
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [TCP Query User{C310B0B2-C6C5-4333-9120-F876B8851FBF}C:\@q~check verify client load\qcclientloadproj.exe] => (Allow) C:\@q~check verify client load\qcclientloadproj.exe
FirewallRules: [UDP Query User{68A20B20-A0D9-4F8C-95C8-B4029C3EA6A8}C:\@q~check verify client load\qcclientloadproj.exe] => (Allow) C:\@q~check verify client load\qcclientloadproj.exe
FirewallRules: [{4A48F3FD-2F81-4EF9-B3CD-DD943BB85880}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{8EF40FB2-EB90-435C-A7D3-82E37FFF5B8A}C:\users\wally\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wally\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{343EBE89-B456-4600-8886-07ADB41E1E78}C:\users\wally\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wally\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9FE3FF79-2914-41ED-82C0-29843476F8D1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{958A0AB3-BD1A-4B3D-830D-D0578031D0BA}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{3916029B-F0DE-4B91-8C23-FDF6E7D45A4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE2324D-402E-48E8-A124-D97156A45591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{32BA2E80-AC95-4CEF-BEBE-0BBDC18759DA}C:\users\wally\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wally\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{91E26AB1-B4C8-4860-AF2A-6B248C4DDF5C}C:\users\wally\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wally\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C0B6B06E-9571-4AAF-83BE-B4F870DAA78C}] => (Allow) C:\Users\Wally\AppData\Local\Temp\7zS6752\HPDiagnosticCoreUI.exe
FirewallRules: [{F2AB59D8-0C24-4E78-BE4B-75E0C110E477}] => (Allow) C:\Users\Wally\AppData\Local\Temp\7zS6752\HPDiagnosticCoreUI.exe
FirewallRules: [{03142365-F1BE-44DE-9FD2-4DC1E660EEC4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{FC950BAC-10AC-4709-9E1E-BB64C6E5A1CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{DAC51916-2694-49F4-BC61-EC99841E1E5D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{DF056B9B-58E1-4104-BB1F-E9907213491A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{A2B03D02-47D9-4780-83CC-1AB9D5B74888}] => (Allow) LPort=5357
FirewallRules: [{0E50270B-7577-43B4-8DFD-59FC29FEEB0C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5BFC5661-AD6A-4396-AD21-A042FEF4B3C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
==================== Restore Points =========================
22-01-2016 15:43:22 Scheduled Checkpoint
28-01-2016 07:59:23 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/29/2016 01:21:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ISAPISearchC:\WINDOWS\system32\query.dll8
Error: (01/29/2016 01:21:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentIndexC:\WINDOWS\system32\query.dll8
Error: (01/29/2016 01:21:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentFilterC:\WINDOWS\System32\query.dll8
Error: (01/29/2016 01:21:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/28/2016 10:20:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ISAPISearchC:\WINDOWS\system32\query.dll8
Error: (01/28/2016 10:20:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentIndexC:\WINDOWS\system32\query.dll8
Error: (01/28/2016 10:20:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentFilterC:\WINDOWS\System32\query.dll8
Error: (01/28/2016 08:22:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x56321fbb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe0434352
Fault offset: 0x000bd8a8
Faulting process id: 0x4cc
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3
Faulting package full name: esu.exe4
Faulting package-relative application ID: esu.exe5
Error: (01/28/2016 08:22:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
at System.Net.ConnectStream.Read(Byte[], Int32, Int32)
at ProtoBuf.ProtoReader.Ensure(Int32, Boolean)
at ProtoBuf.ProtoReader.TryReadUInt32VariantWithoutMoving(Boolean, UInt32 ByRef)
at ProtoBuf.ProtoReader.TryReadUInt32Variant(UInt32 ByRef)
at ProtoBuf.ProtoReader.ReadFieldHeader()
at DynamicClass.proto_8(System.Object, ProtoBuf.ProtoReader)
at ProtoBuf.Serializers.CompiledSerializer.ProtoBuf.Serializers.IProtoSerializer.Read(System.Object, ProtoBuf.ProtoReader)
at ProtoBuf.Meta.RuntimeTypeModel.Deserialize(Int32, System.Object, ProtoBuf.ProtoReader)
at ProtoBuf.ProtoReader.ReadTypedObject(System.Object, Int32, ProtoBuf.ProtoReader, System.Type)
at ProtoBuf.ProtoReader.ReadObject(System.Object, Int32, ProtoBuf.ProtoReader)
at DynamicClass.proto_6(System.Object, ProtoBuf.ProtoReader)
at ProtoBuf.Serializers.CompiledSerializer.ProtoBuf.Serializers.IProtoSerializer.Read(System.Object, ProtoBuf.ProtoReader)
at ProtoBuf.Meta.RuntimeTypeModel.Deserialize(Int32, System.Object, ProtoBuf.ProtoReader)
at ProtoBuf.Meta.TypeModel.DeserializeCore(ProtoBuf.ProtoReader, System.Type, System.Object, Boolean)
at ProtoBuf.Meta.TypeModel.Deserialize(System.IO.Stream, System.Object, System.Type, ProtoBuf.SerializationContext)
at ProtoBuf.Serializer.Deserialize[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.IO.Stream)
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
Error: (01/28/2016 08:16:48 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
System errors:
=============
Error: (01/29/2016 01:58:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053
Error: (01/29/2016 01:58:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
Error: (01/29/2016 01:58:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
Error: (01/29/2016 01:57:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_30ada service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/29/2016 01:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053
Error: (01/29/2016 01:47:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
Error: (01/29/2016 01:46:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
Error: (01/29/2016 01:46:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/29/2016 01:45:47 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Storage Service service did not shut down properly after receiving a preshutdown control.
Error: (01/29/2016 01:45:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_31c2c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-01-28 14:27:23.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-15 07:29:03.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-07 07:15:48.480
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-01 10:18:18.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-31 08:31:17.048
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-19 17:42:56.199
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 17:16:33.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 08:33:03.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 10:19:48.683
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-04 03:50:21.143
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Phenom 9750 Quad-Core Processor
Percentage of memory in use: 35%
Total physical RAM: 8191.11 MB
Available physical RAM: 5264.44 MB
Total Virtual: 16383.11 MB
Available Virtual: 13060.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:921.35 GB) (Free:827.78 GB) NTFS
Drive v: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: EFB2E745)
Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
Partition 2: (Active) - (Size=10.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================