Popup Windows cannot find ...\Roaming\5.exe


  • This topic is locked
41 replies to this topic

#1 KathyS158

Posted 27 February 2015 - 09:53 AM

I have had the following popup for several days.  I have worked with Avast and Lenovo - both were unable to correct the situation.  Your help would be greatly appreciated.

 

Kathy




#2 KathyS158

Posted 27 February 2015 - 09:58 AM

I wanted to add that I found a post on bleeping computer with a list of things to perform.  I did everything on the list, in the order as prescribed - but the problem persists.  I have all the log files generated from following that list, but since I don't understand them, I don't know what additional steps to perform based on the results. 

 

Kathy



#3 deeprybka

  • Malware Response Team

Posted 27 February 2015 - 10:33 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 KathyS158


Posted 27 February 2015 - 11:42 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
    Ran by Kathy (administrator) on LENOVO-PC on 27-02-2015 11:39:12
    Running from C:\Users\Kathy\Downloads
    Loaded Profiles: Kathy & QBDataServiceUser24 & QBPOSDBSrvUser (Available profiles: Kathy & John & QBDataServiceUser22 & QBDataServiceUser24 & QBPOSDBSrvUser)
    Platform: Windows 8 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
    (Microsoft Corporation) C:\windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intuit, Inc.) C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe
    (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
    (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
    (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgr10.exe
    (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Service.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
    (Akamai Technologies, Inc.) C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
    (Akamai Technologies, Inc.) C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
    () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
    () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    (Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (FLEXquarters.com Limited) D:\Program Files (x86)\QODBC Driver for QuickBooks\QODBC Driver for QuickBooks\QRemote\Server\QRemoteServer.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
    (Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
    (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer.exe
    (TeamViewer GmbH) D:\Program Files (x86)\tv_w32.exe
    (TeamViewer GmbH) D:\Program Files (x86)\tv_x64.exe
    (Intuit, Inc.) D:\Program Files (x86)\Intuit\Enterprise 2014\QBDBMgrN.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-23] (Intel Corporation)
    HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27464 2013-04-09] ()
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
    HKLM-x32\...\Run: [RUNUPDATER] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe [465728 2010-09-29] (Dell Inc.)
    HKLM-x32\...\Run: [Dell 1355 MFP Launcher] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe [2211688 2012-10-04] ()
    HKLM-x32\...\Run: [Dell 1355 MFP RUN] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe [2485744 2013-11-15] (Dell)
    HKLM-x32\...\Run: [StatusAutoRun] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe [3793904 2013-11-15] (Dell Inc.)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-06-26] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [BackupNowEZ Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1295560 2014-11-11] (NTI Corporation)
    HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [QRemoteServer] => D:\Program Files (x86)\QODBC Driver for QuickBooks\QODBC Driver for QuickBooks\QRemote\Server\QRemoteServer.exe [387376 2014-12-11] (FLEXquarters.com Limited)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\Run: [GoogleChromeAutoLaunch_1A306F60E92D022903A6BB979BA46A96] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\RunOnce: [Uninstall C:\Users\Kathy\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kathy\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64"
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\MountPoints2: {e50c916b-b9ce-11e4-beb1-fc4dd4f32d25} - "G:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1008\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2012-07-25] (Microsoft Corporation)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1008\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2012-07-25] (Microsoft Corporation)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1009\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2012-07-25] (Microsoft Corporation)
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1009\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2012-07-25] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quick Connect.lnk
    ShortcutTarget: Quick Connect.lnk -> D:\Program Files (x86)\Tific\Tific Client G1\Tific.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
    ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> D:\Program Files (x86)\Intuit\Enterprise 2015\QBW32.EXE (Intuit Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.suntato.com/
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1009\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.suntato.com/
    HKU\S-1-5-21-2586349100-3698439982-3723638625-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    URLSearchHook: [S-1-5-21-2586349100-3698439982-3723638625-1008] ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: [S-1-5-21-2586349100-3698439982-3723638625-1009] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM -> DefaultScope {3E49B4B5-9679-4EF3-8ACC-84F2F1B07141} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    SearchScopes: HKLM -> {3E49B4B5-9679-4EF3-8ACC-84F2F1B07141} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {903FD1AC-CFA2-4DE5-8F7A-3DD0DD18EBD1} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2586349100-3698439982-3723638625-1009 -> {903FD1AC-CFA2-4DE5-8F7A-3DD0DD18EBD1} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-2586349100-3698439982-3723638625-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - D:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - D:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - D:\Program Files (x86)\Intuit\Enterprise 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - D:\Program Files (x86)\Intuit\Enterprise 2015\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

    FireFox:
    ========
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-08]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-25]
    FF HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension
    FF Extension: No Name - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2014-03-08]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1Qzu0F0CyE0D0DyE0FtAtB0DtByD0AtDzyzytN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyBtDyCyCtD0DyDtG0D0FyBtAtGzz0AtDtDtGtA0FyEtDtGyCtAtDtAzz0Dzz0AtCzz0DtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0EyBtCyDtB0CtGzytAtC0FtGyEtC0AyCtGzz0FyEyBtG0EtD0CyEzyyDyByB0C0E0B0D2QtN1B2Z1V1T1S1NzuyDtCyC&cr=23462156&ir=
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> binkiland.com
    CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1Qzu0F0CyE0D0DyE0FtAtB0DtByD0AtDzyzytN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyBtDyCyCtD0DyDtG0D0FyBtAtGzz0AtDtDtGtA0FyEtDtGyCtAtDtAzz0Dzz0AtCzz0DtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0EyBtCyDtB0CtGzytAtC0FtGyEtC0AyCtGzz0FyEyBtG0EtD0CyEzyyDyByB0C0E0B0D2QtN1B2Z1V1T1S1NzuyDtCyC&cr=23462156&ir=
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
    CHR Extension: (Honey) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-12-14]
    CHR Extension: (TrackIf Web & Price Tracker) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\donafdekbhlobcfppmfkpjmeijnnoacd [2014-12-14]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-13]
    CHR Extension: (FinancialLink™ Launcher) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\giflbejokjgiappgpnogdgiehgkoibea [2015-02-02]
    CHR Extension: (Avast Online Security) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
    CHR Extension: (InvisibleHand) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-12-14]
    CHR Extension: (ThinkVantage Password Manager) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdfbkehegfmedglgemnhbnpmfmioggj [2014-10-27]
    CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]
    CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor9.0; D:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-16] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
    R2 DLNADB; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [91632 2013-11-15] ()
    R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
    S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
    R2 Intuit Entitlement Service v8; C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [24680 2011-12-23] (Intuit, Inc.)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
    R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27464 2013-04-02] (Lenovo)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
    R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45768 2014-11-11] (NTI Corporation)
    R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-04-09] (Lenovo)
    S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-04-09] (Lenovo Group Limited)
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
    R2 QBPOSDBServiceV11; C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe [3140744 2012-11-01] (Intuit Inc.)
    R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-08] (Intuit Inc.) [File not signed]
    R3 QuickBooksDB24; D:\Program Files (x86)\Intuit\Enterprise 2014\QBDBMgrN.exe [679936 2014-06-26] (Intuit, Inc.) [File not signed]
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
    S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
    R2 TeamViewer; D:\Program Files (x86)\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    S3 Tific System Service; C:\Program Files (x86)\Common Files\Tific\Tific Client G1\Tific System Service.exe [1700648 2014-10-03] (Tific AB)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
    U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-16] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-16] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [457496 2014-03-14] (Intel Corporation)
    R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [16200 2013-04-02] (Lenovo)
    R2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [60416 2012-07-25] (Microsoft Corporation) [File not signed]
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-27] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 11:39 - 2015-02-27 11:39 - 00031408 _____ () C:\Users\Kathy\Downloads\FRST.txt
    2015-02-27 11:37 - 2015-02-27 11:37 - 02087936 _____ (Farbar) C:\Users\Kathy\Downloads\FRST64.exe
    2015-02-27 11:36 - 2015-02-27 11:39 - 00000000 ____D () C:\FRST
    2015-02-27 11:18 - 2015-02-27 11:23 - 00000000 ____D () C:\Users\Kathy\Desktop\mbar
    2015-02-27 10:06 - 2015-02-27 10:46 - 00000408 __RSH () C:\ProgramData\ntuser.pol
    2015-02-27 08:48 - 2015-02-27 11:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-27 08:47 - 2015-02-27 08:47 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes Anti-Rootkit
    2015-02-27 08:45 - 2015-02-27 08:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kathy\Desktop\mbar-1.09.1.1004.exe
    2015-02-27 08:25 - 2015-02-27 08:25 - 00852604 _____ () C:\Users\Kathy\Desktop\SecurityCheck.exe
    2015-02-26 15:57 - 2015-02-26 15:57 - 00002191 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-02-26 15:57 - 2015-02-26 15:57 - 00002115 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-02-26 15:57 - 2015-02-26 15:57 - 00002115 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-02-26 15:49 - 2015-02-26 15:49 - 00000000 ____D () C:\MATS
    2015-02-26 11:55 - 2015-02-26 11:55 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (8).lnk
    2015-02-26 11:54 - 2015-01-09 01:43 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
    2015-02-26 11:54 - 2015-01-09 00:03 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
    2015-02-26 11:54 - 2015-01-08 18:52 - 00478296 _____ () C:\windows\SysWOW64\locale.nls
    2015-02-26 11:54 - 2015-01-08 18:52 - 00478296 _____ () C:\windows\system32\locale.nls
    2015-02-26 11:46 - 2015-02-26 11:46 - 00000000 ____D () C:\SFCFix
    2015-02-26 11:37 - 2015-02-26 11:37 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (7).lnk
    2015-02-26 11:27 - 2015-02-26 11:27 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (6).lnk
    2015-02-26 11:00 - 2015-02-26 11:00 - 00003720 ____N () C:\bootsqm.dat
    2015-02-26 11:00 - 2015-02-26 11:00 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (5).lnk
    2015-02-26 10:37 - 2015-02-26 10:37 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (4).lnk
    2015-02-26 09:59 - 2015-02-26 09:59 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LENOVO-PC-Windows-8-Pro-(64-bit).dat
    2015-02-26 09:59 - 2015-02-26 09:59 - 00000000 ____D () C:\RegBackup
    2015-02-26 09:51 - 2015-02-27 11:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-26 09:51 - 2015-02-27 11:18 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-02-26 09:51 - 2015-02-26 09:51 - 00000817 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-26 09:51 - 2015-02-26 09:51 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-26 09:51 - 2015-02-26 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-26 09:51 - 2015-02-26 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-26 09:51 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-02-26 09:51 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-02-26 09:28 - 2015-02-26 09:28 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (3).lnk
    2015-02-26 09:18 - 2015-02-26 09:18 - 00000000 ____D () C:\Users\Kathy\AppData\Local\VS Revo Group
    2015-02-26 09:18 - 2015-02-26 09:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
    2015-02-26 08:57 - 2015-02-26 08:57 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window (2).lnk
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Windows Portable Devices
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Windows Photo Viewer
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Windows NT
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Windows Multimedia Platform
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Windows Journal
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Windows Defender
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\Reference Assemblies
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files\MSBuild
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\Windows Portable Devices
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\Windows Photo Viewer
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\Windows NT
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\Windows Multimedia Platform
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\Windows Defender
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\Reference Assemblies
    2015-02-26 08:56 - 2015-02-26 08:56 - 00000000 ____D () D:\Program Files (x86)\MSBuild
    2015-02-26 08:52 - 2015-02-26 08:52 - 00000000 ____D () C:\Users\Kathy\Downloads\Autoruns
    2015-02-26 08:51 - 2015-02-26 08:51 - 00573697 _____ () C:\Users\Kathy\Downloads\Autoruns.zip
    2015-02-26 08:29 - 2015-02-26 08:29 - 00002230 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technician chat window.lnk
    2015-02-26 00:48 - 2015-02-26 00:48 - 00001981 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
    2015-02-26 00:48 - 2015-02-26 00:48 - 00001921 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
    2015-02-26 00:47 - 2014-11-16 08:18 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-02-26 00:24 - 2015-02-27 11:38 - 00950315 _____ () C:\windows\WindowsUpdate.log
    2015-02-26 00:24 - 2015-02-26 15:01 - 00065024 ___SH () C:\Users\Kathy\Desktop\Thumbs.db
    2015-02-26 00:24 - 2014-05-13 10:15 - 00010240 _____ () C:\ProgramData\Z@!-df5ccc93-5b85-47c1-b75e-98f28b97e08a.tmp
    2015-02-26 00:24 - 2014-05-13 10:15 - 00010240 _____ () C:\ProgramData\Z@!-30155d6c-5e33-40c3-b6d1-7f9ec5ff3793.tmp
    2015-02-26 00:24 - 2014-05-13 10:15 - 00009216 _____ () C:\ProgramData\Z@S!-725268cd-3ec0-4298-a951-019483990493.tmp
    2015-02-25 22:39 - 2015-02-26 00:46 - 00000000 ____D () C:\ProgramData\bomgar-scc-0x54ee9576
    2015-02-25 21:51 - 2015-02-26 00:45 - 00000000 ____D () C:\bomgar-scc-54ee72e1
    2015-02-25 21:08 - 2015-02-25 21:14 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-02-25 20:46 - 2015-02-25 20:59 - 00000000 ____D () C:\AdwCleaner
    2015-02-25 18:21 - 2015-02-26 00:45 - 00000000 ____D () C:\Remote-Service
    2015-02-24 15:34 - 2015-02-27 11:27 - 00860310 _____ () D:\Program Files (x86)\TeamViewer10_Logfile.log
    2015-02-23 09:58 - 2015-02-23 09:58 - 00000000 ____D () C:\Users\Kathy\AppData\Local\PDF Writer
    2015-02-22 21:49 - 2015-02-22 21:49 - 00262144 _____ () C:\windows\system32\config\userdiff
    2015-02-22 13:50 - 2015-02-22 13:50 - 00000000 ____D () C:\Users\Kathy\Documents\AVCWare
    2015-02-22 13:50 - 2015-02-22 13:50 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\NVIDIA
    2015-02-22 13:50 - 2015-02-22 13:50 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\AVCWare
    2015-02-22 13:49 - 2015-02-22 13:49 - 00000000 ____D () D:\Program Files (x86)\AVCWare
    2015-02-21 17:46 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\InstallShield
    2015-02-21 17:09 - 2015-02-21 17:09 - 00000000 ____D () D:\Program Files (x86)\Google
    2015-02-21 16:52 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
    2015-02-21 16:52 - 2015-02-21 16:53 - 00000000 ____D () C:\ProgramData\PDF Writer
    2015-02-21 16:52 - 2015-02-21 16:52 - 00000000 ____D () D:\Program Files\Bullzip
    2015-02-21 16:52 - 2015-02-21 16:52 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
    2015-02-21 16:52 - 2014-11-19 08:08 - 00228352 _____ (Bullzip) C:\windows\SysWOW64\bzFlRdr.dll
    2015-02-21 16:52 - 2008-07-09 08:08 - 00103424 _____ (Bullzip) C:\windows\SysWOW64\bzDCT.dll
    2015-02-21 16:47 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moneydance
    2015-02-21 16:47 - 2015-02-21 16:47 - 00000000 ____D () D:\Program Files\Moneydance
    2015-02-21 16:26 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
    2015-02-21 16:26 - 2015-02-21 16:26 - 00003754 _____ () C:\windows\System32\Tasks\Convertor
    2015-02-21 16:26 - 2015-02-21 16:26 - 00003278 _____ () C:\windows\System32\Tasks\Winsta Update
    2015-02-21 16:26 - 2015-02-21 16:26 - 00003238 _____ () C:\windows\System32\Tasks\WinKit
    2015-02-21 16:26 - 2015-02-21 16:26 - 00000400 _____ () C:\Users\Kathy\AppData\Local\oVfRiuK.vbs
    2015-02-21 16:26 - 2015-02-21 16:26 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\PDFConvert
    2015-02-20 17:56 - 2015-02-17 05:30 - 00588656 _____ (TeamViewer) D:\Program Files (x86)\uninstall.exe
    2015-02-20 17:56 - 2015-02-17 04:07 - 00423696 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_fr.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00407824 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_vi.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00407312 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_it.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00404752 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_es.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00397072 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_nl.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00394000 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_uk.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00391952 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_pt.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00377104 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_fi.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00371984 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_da.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00371472 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_no.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00370448 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_sv.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 00222480 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_zhTW.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00433424 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_el.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00412432 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ro.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00408336 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_de.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00400656 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_lt.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00400656 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_hu.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00398608 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_bg.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00397072 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_pl.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00392464 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ru.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00389904 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_hr.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00387344 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_sr.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00385808 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_sk.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00381712 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_tr.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00379664 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_id.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00379152 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_cs.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00368912 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_th.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00368400 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_en.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00353552 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ar.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00323344 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_he.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00260368 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ja.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00257808 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ko.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 00217872 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_zhCN.dll
    2015-02-20 17:56 - 2015-02-17 04:05 - 16765200 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer.exe
    2015-02-20 17:56 - 2015-02-17 04:05 - 05436176 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Service.exe
    2015-02-20 17:56 - 2015-02-17 04:05 - 05372176 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Desktop.exe
    2015-02-20 17:56 - 2015-02-17 04:05 - 04491536 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_StaticRes.dll
    2015-02-20 17:56 - 2015-02-17 03:32 - 00272656 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_x64.dll
    2015-02-20 17:56 - 2015-02-17 03:32 - 00263952 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_x64.exe
    2015-02-20 17:56 - 2015-02-17 03:32 - 00247056 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_w32.dll
    2015-02-20 17:56 - 2015-02-17 03:32 - 00229136 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_w32.exe
    2015-02-20 17:56 - 2015-01-20 04:24 - 00038441 _____ () D:\Program Files (x86)\CopyRights.txt
    2015-02-20 17:56 - 2015-01-20 04:24 - 00031020 _____ () D:\Program Files (x86)\License.txt
    2015-02-20 08:34 - 2015-02-24 15:34 - 01048629 _____ () D:\Program Files (x86)\TeamViewer10_Logfile_OLD.log
    2015-02-18 08:26 - 2015-02-18 08:26 - 00000000 ____D () C:\Users\Kathy\Documents\CyberLink
    2015-02-18 08:26 - 2015-02-18 08:26 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\WebApp
    2015-02-18 08:26 - 2015-02-18 08:26 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\CyberLink
    2015-02-15 08:06 - 2015-01-23 00:50 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-02-15 08:06 - 2015-01-22 23:27 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-02-14 15:40 - 2015-02-14 15:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\Garmin
    2015-02-14 15:40 - 2015-02-14 15:40 - 00000000 ____D () C:\Users\John\AppData\Local\Garmin
    2015-02-13 13:48 - 2015-02-13 13:48 - 00038419 _____ () C:\Users\Kathy\AppData\Roaming\Comma Separated Values.ADR
    2015-02-12 17:28 - 2015-02-20 17:56 - 00001914 _____ () C:\windows\system32\TeamViewer10_Hooks.log
    2015-02-11 11:29 - 2015-02-11 11:29 - 49242928 _____ () C:\Users\Kathy\Downloads\2009_to_2013_UK_fleet_landings_by_ICES_rectangle.xlsx
    2015-02-11 07:42 - 2015-02-04 04:54 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-02-11 07:42 - 2015-02-04 04:52 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-02-11 07:42 - 2015-02-04 04:52 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-02-11 07:42 - 2015-02-04 04:52 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-02-11 07:42 - 2015-02-04 04:52 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-02-11 07:42 - 2015-02-02 18:18 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-02-11 07:42 - 2015-01-29 03:30 - 00593408 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
    2015-02-11 07:42 - 2015-01-29 03:30 - 00467952 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2015-02-11 07:42 - 2015-01-29 03:30 - 00011056 _____ () C:\windows\system32\AutoconfigV2.cab
    2015-02-11 07:42 - 2015-01-29 03:05 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2015-02-11 07:42 - 2015-01-29 03:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-02-11 07:42 - 2015-01-29 01:19 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2015-02-11 07:42 - 2015-01-29 01:19 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-02-11 07:42 - 2015-01-15 16:45 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-02-11 07:42 - 2015-01-15 06:44 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
    2015-02-11 07:42 - 2015-01-15 06:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
    2015-02-11 07:42 - 2015-01-15 06:43 - 01282560 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2015-02-11 07:42 - 2015-01-15 05:00 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
    2015-02-11 07:42 - 2015-01-15 05:00 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
    2015-02-11 07:42 - 2015-01-15 04:38 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2015-02-11 07:42 - 2015-01-15 04:09 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2015-02-11 07:42 - 2015-01-14 23:08 - 00568656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2015-02-11 07:42 - 2015-01-12 01:49 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-02-11 07:42 - 2015-01-12 01:49 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2015-02-11 07:42 - 2015-01-12 01:49 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-02-11 07:42 - 2015-01-12 01:49 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2015-02-11 07:42 - 2015-01-12 01:49 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-02-11 07:42 - 2015-01-12 01:48 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-02-11 07:42 - 2015-01-12 01:48 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-02-11 07:42 - 2015-01-12 01:47 - 15403008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-02-11 07:42 - 2015-01-12 01:47 - 02655744 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-02-11 07:42 - 2015-01-12 01:47 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-02-11 07:42 - 2015-01-12 01:47 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2015-02-11 07:42 - 2015-01-12 01:46 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-02-11 07:42 - 2015-01-12 00:07 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-02-11 07:42 - 2015-01-12 00:07 - 01338880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 07:42 - 2015-01-12 00:07 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-02-11 07:42 - 2015-01-12 00:07 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-02-11 07:42 - 2015-01-12 00:06 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-02-11 07:42 - 2015-01-12 00:06 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-02-11 07:42 - 2015-01-12 00:06 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-02-11 07:42 - 2015-01-12 00:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-02-11 07:42 - 2015-01-12 00:06 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-02-11 07:42 - 2015-01-12 00:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2015-02-11 07:42 - 2015-01-11 23:16 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-02-11 07:42 - 2015-01-11 22:46 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-02-11 07:42 - 2015-01-08 23:33 - 04061696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-02-11 07:42 - 2014-12-18 03:51 - 00096576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
    2015-02-11 07:42 - 2014-12-18 01:52 - 00889344 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
    2015-02-11 07:42 - 2014-12-18 01:51 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
    2015-02-11 07:42 - 2014-12-18 01:50 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
    2015-02-11 07:42 - 2014-12-18 01:20 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
    2015-02-11 07:42 - 2014-12-08 18:14 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml
    2015-02-11 07:42 - 2014-12-08 01:48 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
    2015-02-11 07:42 - 2014-12-08 00:04 - 00318464 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
    2015-02-11 07:42 - 2014-11-26 01:43 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2015-02-11 07:42 - 2014-11-25 23:50 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2015-02-10 17:22 - 2015-02-20 17:56 - 00000000 ____D () D:\Program Files (x86)\x64
    2015-02-10 17:22 - 2015-02-20 17:56 - 00000000 ____D () D:\Program Files (x86)\outlook
    2015-02-09 20:02 - 2015-02-09 20:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
    2015-02-09 19:11 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
    2015-02-09 19:11 - 2015-02-09 19:11 - 00000914 _____ () C:\Users\Kathy\Desktop\TreeSize Free.lnk
    2015-02-09 19:11 - 2015-02-09 19:11 - 00000000 ____D () D:\Program Files (x86)\JAM Software
    2015-02-09 19:11 - 2015-02-09 19:11 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\JAM Software
    2015-02-09 19:10 - 2015-02-09 19:10 - 05096104 _____ (JAM Software ) C:\Users\Kathy\Downloads\TreeSizeFreeSetup.exe
    2015-02-09 18:48 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-02-09 18:48 - 2015-02-09 18:48 - 05325208 _____ (Piriform Ltd) C:\Users\Kathy\Downloads\ccsetup502.exe
    2015-02-09 18:48 - 2015-02-09 18:48 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
    2015-02-09 18:48 - 2015-02-09 18:48 - 00000704 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-09 18:48 - 2015-02-09 18:48 - 00000000 ____D () D:\Program Files\CCleaner
    2015-02-09 18:04 - 2015-02-26 00:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2015-02-09 18:04 - 2015-02-26 00:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2015-02-09 18:04 - 2015-02-09 18:04 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    2015-02-09 18:04 - 2015-02-09 18:04 - 00001008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2015-02-09 18:02 - 2015-02-09 18:02 - 00001633 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
    2015-02-09 18:02 - 2015-02-09 18:02 - 00001633 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
    2015-02-09 18:02 - 2010-03-19 03:00 - 00055856 _____ (Sonic Solutions) C:\windows\system32\Drivers\PxHlpa64.sys
    2015-02-09 17:50 - 2015-02-20 17:56 - 00003867 _____ () D:\Program Files (x86)\TeamViewer10_Hooks.log
    2015-02-09 17:50 - 2015-02-20 17:56 - 00000627 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-02-09 17:50 - 2015-02-09 17:48 - 00000046 _____ () D:\Program Files (x86)\tvinfo.ini
    2015-02-09 15:24 - 2015-02-10 09:51 - 00000000 ____D () D:\Program Files (x86)\QODBC Driver for QuickBooks
    2015-02-09 15:22 - 2015-02-09 15:22 - 00002204 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intuit (4).lnk
    2015-02-09 15:19 - 2015-02-09 15:19 - 00002164 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intuit (3).lnk
    2015-02-09 14:59 - 2015-02-09 14:59 - 00002164 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intuit (2).lnk
    2015-02-09 14:57 - 2015-02-09 14:57 - 00196608 _____ () C:\windows\ocsetup_install_NetFx4-AdvSrvs.etl
    2015-02-09 14:57 - 2015-02-09 14:57 - 00196608 _____ () C:\windows\ocsetup_install_NetFx3.etl
    2015-02-09 14:57 - 2015-02-09 14:57 - 00032571 _____ () C:\windows\ocsetup_cbs_install_NetFx4-AdvSrvs.txt
    2015-02-09 14:57 - 2015-02-09 14:57 - 00032539 _____ () C:\windows\ocsetup_cbs_install_NetFx3.txt
    2015-02-09 14:52 - 2015-02-09 14:56 - 22314616 _____ (Intuit) C:\Users\Kathy\Downloads\QuickBooksInstallDiagnosticTool.exe
    2015-02-09 14:47 - 2015-02-26 16:05 - 00000000 ____D () C:\Users\Kathy\AppData\Local\LogMeIn Rescue Applet
    2015-02-09 14:47 - 2015-02-09 14:47 - 00002230 _____ () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intuit.lnk
    2015-02-09 11:45 - 2015-02-10 08:15 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\QODBC Driver for QuickBooks
    2015-02-09 11:40 - 2015-02-26 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks
    2015-02-09 11:40 - 2015-02-10 09:51 - 00001020 _____ () C:\Users\QBPOSDBSrvUser\Desktop\QODBC Quick Start Guide.lnk
    2015-02-09 11:40 - 2015-02-10 09:51 - 00001020 _____ () C:\Users\QBDataServiceUser24\Desktop\QODBC Quick Start Guide.lnk
    2015-02-09 11:40 - 2015-02-10 09:51 - 00001020 _____ () C:\Users\QBDataServiceUser22\Desktop\QODBC Quick Start Guide.lnk
    2015-02-09 11:40 - 2015-02-10 09:51 - 00000212 _____ () C:\windows\ODBCINST.INI
    2015-02-09 11:40 - 2015-02-10 09:51 - 00000149 _____ () C:\windows\ODBC.INI
    2015-02-09 11:40 - 2015-02-10 09:51 - 00000000 ____D () C:\ProgramData\QODBC Driver for QuickBooks
    2015-02-09 11:40 - 2015-02-09 11:40 - 00003120 _____ () C:\windows\SysWOW64\I9K4UQLW.ocx
    2015-02-09 11:40 - 2015-02-09 11:40 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks
    2015-02-09 11:40 - 2014-12-11 19:09 - 18209072 _____ (FLEXquarters.com Limited) C:\windows\SysWOW64\fqqb32.dll
    2015-02-09 11:40 - 2014-11-04 17:46 - 00779616 _____ (Concept Software, Inc.) C:\windows\SysWOW64\KEYLIB32.dll
    2015-02-09 11:40 - 2014-09-05 20:35 - 00071984 _____ (Flexquarters.com, LLC) C:\windows\SysWOW64\FQQBVSAV.exe
    2015-02-09 11:40 - 2013-08-19 23:54 - 00017760 _____ (FLEXquarters.com Limited) C:\windows\SysWOW64\QODBCQBHelper.dll
    2015-02-09 11:40 - 2008-09-23 05:46 - 00803424 _____ () C:\windows\SysWOW64\sqlcrypt3.dll
    2015-02-09 11:40 - 2008-08-25 12:02 - 01757184 _____ (Apache Software Foundation) C:\windows\SysWOW64\xerces-com.dll
    2015-02-09 11:40 - 2008-07-03 10:43 - 00471040 _____ () C:\windows\SysWOW64\c4dll.dll
    2015-02-09 11:40 - 2007-08-19 09:14 - 00882128 _____ (Sheridan Software Systems, Inc.) C:\windows\SysWOW64\SSDW3BO.OCX
    2015-02-09 11:40 - 2007-08-19 09:14 - 00721168 _____ (Microsoft Corporation) C:\windows\SysWOW64\VB40032.DLL
    2015-02-09 11:40 - 2007-08-19 09:14 - 00098304 _____ (Sheridan Software Systems, Inc.) C:\windows\SysWOW64\ssr2c.dll
    2015-02-09 11:40 - 2007-08-19 09:14 - 00089600 _____ (Microsoft Corporation) C:\windows\SysWOW64\GRID32.OCX
    2015-02-09 11:40 - 2007-08-19 09:14 - 00072192 _____ (Sheridan Software Systems, Inc.) C:\windows\SysWOW64\ssprn32.dll
    2015-02-09 11:40 - 2007-08-19 09:14 - 00061440 _____ (Sheridan Software Systems, Inc.) C:\windows\SysWOW64\ssmedt32.dll
    2015-02-09 11:40 - 2007-08-19 09:13 - 00527624 _____ (/n software inc. - www.nsoftware.com) C:\windows\SysWOW64\ipwssl6.dll
    2015-02-09 11:40 - 2007-08-19 09:13 - 00466944 _____ (/n software inc. - www.nsoftware.com) C:\windows\SysWOW64\ibizqb3.dll
    2015-02-09 11:40 - 2002-09-12 09:29 - 00057344 _____ () C:\windows\SysWOW64\zlib.dll
    2015-02-09 11:40 - 1995-09-27 01:00 - 00024272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ODBC16GT.DLL
    2015-02-09 11:40 - 1995-09-27 01:00 - 00008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ODBC32GT.DLL
    2015-02-09 11:40 - 1995-09-27 01:00 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ODBCCP32.CPL
    2015-02-09 11:40 - 1995-09-27 01:00 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\DS32GT.DLL
    2015-02-09 11:40 - 1995-03-03 01:00 - 00017412 _____ () C:\windows\SysWOW64\ODBCINST.HLP
    2015-02-09 11:40 - 1995-03-03 01:00 - 00005024 _____ (Microsoft Corporation) C:\windows\SysWOW64\DS16GT.DLL
    2015-02-04 21:31 - 2015-02-04 21:31 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Roaming\LSC
    2015-02-03 16:58 - 2015-02-03 16:58 - 00000000 ____D () C:\Users\QBDataServiceUser22\Documents\My Books
    2015-02-03 16:58 - 2015-02-03 16:58 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Roaming\Intel Corporation
    2015-02-03 16:58 - 2015-02-03 16:58 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Sony Corporation
    2015-02-03 16:58 - 2015-02-03 16:58 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\kinoma
    2015-02-03 16:57 - 2015-02-04 21:32 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Adobe
    2015-02-03 16:57 - 2015-02-04 21:31 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Roaming\Adobe
    2015-02-03 16:57 - 2015-02-03 16:58 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Roaming\Tific
    2015-02-03 16:57 - 2015-02-03 16:57 - 00001405 _____ () C:\Users\QBDataServiceUser22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000020 ___SH () C:\Users\QBDataServiceUser22\ntuser.ini
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Roaming\AVAST Software
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Wondershare
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\VirtualStore
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Tific
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Power2Go
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Packages
    2015-02-03 16:57 - 2015-02-03 16:57 - 00000000 ____D () C:\Users\QBDataServiceUser22\AppData\Local\Google
    2015-02-03 09:53 - 2015-02-20 17:37 - 00000000 ____D () C:\Users\Kathy\Documents\TAXACT 2014
    2015-02-03 09:53 - 2015-02-03 09:53 - 00000000 ____D () C:\Users\Kathy\AppData\Local\FeedbackRpt
    2015-02-03 09:52 - 2015-02-20 17:27 - 00000069 _____ () C:\windows\TaxACT14.ini
    2015-02-03 09:52 - 2015-02-03 09:52 - 00000000 ____D () D:\Program Files (x86)\TaxACT
    2015-02-02 18:13 - 2015-02-02 18:13 - 00232136 _____ (Booyami, Inc) C:\Users\Kathy\Downloads\FinancialLink_Setup (2).exe
    2015-02-02 18:03 - 2015-02-06 11:56 - 00000000 ____D () C:\Users\Kathy\Documents\FinancialLink
    2015-02-02 17:58 - 2015-02-02 17:58 - 00232136 _____ (Booyami, Inc) C:\Users\Kathy\Downloads\FinancialLink_Setup.exe
    2015-02-02 17:58 - 2015-02-02 17:58 - 00232136 _____ (Booyami, Inc) C:\Users\Kathy\Downloads\FinancialLink_Setup (1).exe
    2015-02-02 17:58 - 2015-02-02 17:58 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Booyami

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 11:34 - 2014-01-25 11:20 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Packages
    2015-02-27 11:31 - 2012-07-26 02:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-27 11:27 - 2014-01-25 21:29 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-27 11:27 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-27 11:24 - 2014-05-02 08:09 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
    2015-02-27 11:01 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-02-27 11:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
    2015-02-27 11:00 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
    2015-02-27 10:48 - 2014-01-25 21:29 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-27 10:18 - 2014-01-25 18:10 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2586349100-3698439982-3723638625-1004
    2015-02-27 10:04 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
    2015-02-27 09:24 - 2014-01-25 11:26 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2586349100-3698439982-3723638625-1001
    2015-02-27 08:47 - 2014-11-21 17:07 - 00000000 ___HD () C:\$Windows.~BT
    2015-02-27 08:46 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2015-02-26 15:57 - 2014-01-25 11:30 - 00000000 ___RD () C:\Users\Kathy\SkyDrive
    2015-02-26 15:31 - 2014-10-27 09:41 - 00469672 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-02-26 10:33 - 2012-07-26 00:26 - 00000128 _____ () C:\windows\win.ini
    2015-02-26 10:30 - 2014-01-15 21:37 - 00850046 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2015-02-26 08:57 - 2014-01-25 11:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
    2015-02-26 08:53 - 2014-01-15 21:38 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
    2015-02-26 00:48 - 2014-11-16 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-02-26 00:48 - 2014-10-27 12:15 - 00000000 ____D () C:\Users\QBDataServiceUser24
    2015-02-26 00:47 - 2014-03-08 09:44 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-02-26 00:46 - 2015-01-25 09:18 - 00000000 ____D () C:\windows\SysWOW64\syncdb
    2015-02-26 00:46 - 2014-12-10 10:49 - 00000000 ____D () C:\windows\system32\appraiser
    2015-02-26 00:46 - 2014-12-04 21:41 - 00000000 ____D () C:\windows\SysWOW64\vbox
    2015-02-26 00:46 - 2014-12-04 21:41 - 00000000 ____D () C:\windows\system32\vbox
    2015-02-26 00:46 - 2014-10-29 07:58 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBPOSDBSrvUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBPOSDBSrvUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBDataServiceUser22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBDataServiceUser22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ___RD () C:\Users\QBDataServiceUser22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-02-26 00:46 - 2014-10-27 12:15 - 00000000 ____D () C:\Users\QBDataServiceUser22
    2015-02-26 00:46 - 2014-09-17 02:22 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-02-26 00:46 - 2014-02-12 10:15 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TaxACT
    2015-02-26 00:46 - 2014-01-25 18:02 - 00000000 ____D () C:\Users\John
    2015-02-26 00:46 - 2014-01-25 11:20 - 00000000 ___RD () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-26 00:46 - 2014-01-25 11:20 - 00000000 ___RD () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-02-26 00:46 - 2014-01-25 11:20 - 00000000 ____D () C:\Users\Kathy
    2015-02-26 00:46 - 2014-01-15 21:38 - 00000000 ____D () C:\windows\System32\Tasks\TVT
    2015-02-26 00:46 - 2014-01-15 21:37 - 00000000 ____D () C:\windows\SysWOW64\sda
    2015-02-26 00:46 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-02-26 00:46 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\spool
    2015-02-26 00:46 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\Help
    2015-02-26 00:46 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep
    2015-02-26 00:45 - 2015-01-26 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2015-02-26 00:45 - 2014-12-26 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePUBee
    2015-02-26 00:45 - 2014-12-26 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader
    2015-02-26 00:45 - 2014-12-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
    2015-02-26 00:45 - 2014-12-10 14:45 - 00000000 ____D () C:\ProgramData\BackupNowEZ
    2015-02-26 00:45 - 2014-12-04 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2015-02-26 00:45 - 2014-12-04 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks Point of Sale
    2015-02-26 00:45 - 2014-12-04 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
    2015-02-26 00:45 - 2014-11-29 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-26 00:45 - 2014-11-29 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
    2015-02-26 00:45 - 2014-11-06 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
    2015-02-26 00:45 - 2014-10-28 09:19 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\TeamViewer
    2015-02-26 00:45 - 2014-10-27 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAPILab
    2015-02-26 00:45 - 2014-10-27 10:40 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\BlueSprig
    2015-02-26 00:45 - 2014-10-27 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Connect
    2015-02-26 00:45 - 2014-03-08 08:24 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Tvsukernel
    2015-02-26 00:45 - 2014-02-12 15:10 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Akamai
    2015-02-26 00:45 - 2014-02-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT
    2015-02-26 00:45 - 2014-01-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-26 00:45 - 2014-01-25 18:02 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-26 00:45 - 2014-01-25 18:02 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-02-26 00:45 - 2014-01-25 11:21 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Adobe
    2015-02-26 00:45 - 2014-01-25 11:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Macromedia
    2015-02-26 00:45 - 2014-01-15 22:16 - 00000000 ____D () C:\ProgramData\Lenovo
    2015-02-26 00:45 - 2014-01-15 21:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create
    2015-02-26 00:45 - 2014-01-15 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
    2015-02-26 00:45 - 2014-01-15 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2015-02-26 00:45 - 2014-01-15 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2015-02-26 00:45 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration
    2015-02-26 00:45 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AppCompat
    2015-02-26 00:44 - 2014-10-27 14:31 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Downloaded Installations
    2015-02-26 00:44 - 2014-10-27 14:05 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Intuit
    2015-02-26 00:44 - 2014-10-27 13:31 - 00000000 ____D () C:\ProgramData\Intuit
    2015-02-26 00:44 - 2014-03-08 09:43 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-02-26 00:44 - 2014-01-25 21:29 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Google
    2015-02-26 00:44 - 2014-01-15 21:39 - 00000000 ____D () C:\ProgramData\Temp
    2015-02-26 00:44 - 2014-01-15 21:38 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-26 00:44 - 2014-01-15 21:35 - 00000000 ____D () C:\ProgramData\Intel
    2015-02-26 00:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-02-26 00:25 - 2014-10-27 10:28 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Tific
    2015-02-26 00:25 - 2014-10-27 10:28 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Tific
    2015-02-25 23:20 - 2014-10-27 10:26 - 00000600 _____ () C:\Users\Kathy\AppData\Roaming\winscp.rnd
    2015-02-25 23:20 - 2014-10-27 10:25 - 00000000 ____D () C:\CSV
    2015-02-25 21:40 - 2014-11-04 07:15 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
    2015-02-25 21:40 - 2013-03-25 17:01 - 00000000 ____D () C:\windows\Panther
    2015-02-25 21:40 - 2013-03-12 13:30 - 00000000 ____D () C:\Users\Kathy\SyncFolder
    2015-02-25 17:23 - 2014-10-27 15:22 - 00000000 ____D () C:\Users\John\AppData\Roaming\Tific
    2015-02-25 08:41 - 2014-02-12 14:50 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Adobe
    2015-02-22 21:57 - 2014-10-28 09:28 - 00000000 ____D () C:\windows\system32\appmgmt
    2015-02-22 21:57 - 2014-02-12 14:50 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
    2015-02-22 21:57 - 2014-01-15 21:35 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-22 21:57 - 2013-03-25 16:03 - 00000000 ____D () C:\ProgramData\PRICache
    2015-02-22 21:57 - 2012-07-26 03:18 - 00000000 ____D () C:\windows\DigitalLocker
    2015-02-22 21:57 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
    2015-02-22 21:57 - 2012-07-26 02:51 - 00000000 ____D () C:\windows\SysWOW64\WCN
    2015-02-22 21:57 - 2012-07-26 02:51 - 00000000 ____D () C:\windows\SysWOW64\sysprep
    2015-02-22 21:57 - 2012-07-26 02:51 - 00000000 ____D () C:\windows\system32\WCN
    2015-02-22 21:57 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
    2015-02-22 21:57 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-02-22 21:49 - 2014-10-28 20:20 - 00000000 __SHD () C:\Recovery
    2015-02-21 17:08 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI(73)
    2015-02-20 17:37 - 2014-02-12 10:16 - 00000164 _____ () C:\windows\SysWOW64\msxkwn.vxp
    2015-02-20 06:49 - 2014-01-25 21:31 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-18 18:17 - 2014-01-25 18:02 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
    2015-02-17 09:42 - 2014-10-28 08:53 - 00192408 _____ () C:\windows\diagwrn.xml
    2015-02-17 09:42 - 2014-10-28 08:53 - 00192408 _____ () C:\windows\diagerr.xml
    2015-02-17 09:42 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2015-02-14 12:26 - 2014-12-06 16:01 - 00000000 ____D () C:\windows\rescache
    2015-02-14 11:25 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore
    2015-02-14 11:25 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\PolicyDefinitions
    2015-02-11 10:25 - 2015-01-13 09:47 - 00000000 ___SD () C:\Users\Kathy\Documents\My Data Sources
    2015-02-11 09:44 - 2014-02-04 20:23 - 00000000 ____D () C:\windows\system32\MRT
    2015-02-11 09:42 - 2014-02-04 20:23 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-02-11 08:00 - 2014-10-27 13:31 - 00000090 _____ () C:\windows\QBChanUtil_Trigger.ini
    2015-02-09 19:06 - 2014-01-15 21:39 - 00000000 ____D () C:\ProgramData\CLSK
    2015-02-09 18:54 - 2014-10-27 12:15 - 00000000 ___DC () C:\Users\Kathy\AppData\Local\MigWiz
    2015-02-09 18:37 - 2015-01-21 12:03 - 00000000 ____D () C:\windows\Minidump
    2015-02-09 18:03 - 2015-01-25 09:24 - 00000000 ____D () D:\Program Files (x86)\Adobe
    2015-02-09 17:56 - 2014-12-26 21:09 - 00000000 ____D () C:\Users\Kathy\Documents\My Digital Editions
    2015-02-09 11:43 - 2014-10-27 13:31 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
    2015-02-06 11:55 - 2014-01-25 21:29 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Deployment
    2015-02-05 12:14 - 2014-01-25 18:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe
    2015-02-04 03:43 - 2014-01-25 21:29 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-04 03:43 - 2014-01-25 21:29 - 00003662 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-03 14:29 - 2012-07-26 03:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-02-03 14:29 - 2012-07-26 03:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2015-02-20 17:56 - 2015-01-20 04:24 - 0038441 _____ () D:\Program Files (x86)\CopyRights.txt
    2015-02-20 17:56 - 2015-01-20 04:24 - 0031020 _____ () D:\Program Files (x86)\License.txt
    2015-02-20 17:56 - 2015-02-17 04:05 - 16765200 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer.exe
    2015-02-09 17:50 - 2015-02-20 17:56 - 0003867 _____ () D:\Program Files (x86)\TeamViewer10_Hooks.log
    2015-02-24 15:34 - 2015-02-27 11:27 - 0860310 _____ () D:\Program Files (x86)\TeamViewer10_Logfile.log
    2015-02-20 08:34 - 2015-02-24 15:34 - 1048629 _____ () D:\Program Files (x86)\TeamViewer10_Logfile_OLD.log
    2015-02-20 17:56 - 2015-02-17 04:05 - 5372176 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Desktop.exe
    2015-02-20 17:56 - 2015-02-17 04:06 - 0353552 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ar.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0398608 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_bg.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0379152 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_cs.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0371984 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_da.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0408336 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_de.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0433424 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_el.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0368400 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_en.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0404752 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_es.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0377104 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_fi.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0423696 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_fr.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0323344 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_he.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0389904 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_hr.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0400656 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_hu.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0379664 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_id.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0407312 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_it.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0260368 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ja.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0257808 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ko.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0400656 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_lt.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0397072 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_nl.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0371472 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_no.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0397072 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_pl.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0391952 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_pt.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0412432 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ro.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0392464 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_ru.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0385808 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_sk.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0387344 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_sr.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0370448 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_sv.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0368912 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_th.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0381712 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_tr.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0394000 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_uk.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0407824 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_vi.dll
    2015-02-20 17:56 - 2015-02-17 04:06 - 0217872 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_zhCN.dll
    2015-02-20 17:56 - 2015-02-17 04:07 - 0222480 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Resource_zhTW.dll
    2015-02-20 17:56 - 2015-02-17 04:05 - 5436176 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_Service.exe
    2015-02-20 17:56 - 2015-02-17 04:05 - 4491536 _____ (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer_StaticRes.dll
    2015-02-09 17:50 - 2015-02-09 17:48 - 0000046 _____ () D:\Program Files (x86)\tvinfo.ini
    2015-02-20 17:56 - 2015-02-17 03:32 - 0247056 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_w32.dll
    2015-02-20 17:56 - 2015-02-17 03:32 - 0229136 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_w32.exe
    2015-02-20 17:56 - 2015-02-17 03:32 - 0272656 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_x64.dll
    2015-02-20 17:56 - 2015-02-17 03:32 - 0263952 _____ (TeamViewer GmbH) D:\Program Files (x86)\tv_x64.exe
    2015-02-20 17:56 - 2015-02-17 05:30 - 0588656 _____ (TeamViewer) D:\Program Files (x86)\uninstall.exe
    2015-02-13 13:48 - 2015-02-13 13:48 - 0038419 _____ () C:\Users\Kathy\AppData\Roaming\Comma Separated Values.ADR
    2014-10-27 10:26 - 2015-02-25 23:20 - 0000600 _____ () C:\Users\Kathy\AppData\Roaming\winscp.rnd
    2015-02-21 16:26 - 2015-02-21 16:26 - 0000400 _____ () C:\Users\Kathy\AppData\Local\oVfRiuK.vbs
    2014-01-25 11:20 - 2014-09-14 11:43 - 0000280 _____ () C:\Users\Kathy\AppData\Local\RegisteredPackageInformation.xml
    2014-12-04 23:30 - 2014-12-04 23:30 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg
    2014-10-27 13:48 - 2014-10-27 13:48 - 0000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2012-11-01 16:07 - 2012-11-01 16:07 - 0002507 _____ () C:\ProgramData\regid.1983-04.com.intuit,IFS,POS_E1171703-BD05-428F-99A1-7FE2FC879DE2.swidtag
    2015-02-26 00:24 - 2014-05-13 10:15 - 0010240 _____ () C:\ProgramData\Z@!-30155d6c-5e33-40c3-b6d1-7f9ec5ff3793.tmp
    2015-02-26 00:24 - 2014-05-13 10:15 - 0010240 _____ () C:\ProgramData\Z@!-df5ccc93-5b85-47c1-b75e-98f28b97e08a.tmp
    2015-02-26 00:24 - 2014-05-13 10:15 - 0009216 _____ () C:\ProgramData\Z@S!-725268cd-3ec0-4298-a951-019483990493.tmp
    2014-01-15 21:40 - 2014-01-15 21:40 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
    2014-01-15 21:39 - 2014-01-15 21:39 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-01-15 21:39 - 2014-01-15 21:40 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
    2014-01-15 21:40 - 2014-01-15 21:40 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

    Files to move or delete:
    ====================
    C:\Users\Kathy\GoToAssistDownloadHelper (1).exe
    C:\Users\Kathy\Setup for Outlook 64-bit.exe
    C:\Users\Kathy\Setup for Outlook.exe

    Some content of TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\COMAP.EXE
    C:\Users\Kathy\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\Kathy\AppData\Local\Temp\setup32.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-02-14 10:33

    ==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Kathy at 2015-02-27 11:39:32
Running from C:\Users\Kathy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5119.52 - CyberLink Corp.)
Dell 1355cn/1355cnw Color MFP (HKLM-x32\...\InstallShield_{B0317670-E357-4DE6-8D58-116F7A22780B}) (Version: 1.046.0 - Dell Inc.)
Dell 1355cn/1355cnw Color MFP (x32 Version: 1.046.0 - Dell Inc.) Hidden
Dell Printer Driver Updater (x32 Version: 1.026.00 - Dell) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
ePUBee DRM Removal (HKLM-x32\...\ePUBee DRM Removal) (Version: 3.0.5.1 - ePUBee Inc.)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel® Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.0.0004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0007.00 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moneydance 2015 (HKLM\...\5244-9769-3058-9401) (Version: 2015 - The Infinite Kind)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.66 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.66 - NTI Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.01.0006 - Lenovo Group Limited)
QODBC Driver (HKLM-x32\...\QODBC Driver) (Version:  - )
Quick Connect (HKLM-x32\...\Total Support) (Version: 8.5.9655.26 - PlumChoice, Inc.)
QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 25.0.4004.2506 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions: Accountant Edition 14.0 (HKLM-x32\...\{47E586BD-3FF0-4ED2-8A0C-890F2C02A2F4}) (Version: 24.0.4008.2403 - Intuit Inc.)
QuickBooks Enterprise Solutions: Accountant Edition 15.0 (HKLM-x32\...\{96E243B9-3193-4CDC-AB80-6784DA6177A2}) (Version: 25.0.4005.2506 - Intuit Inc.)
QuickBooks Point of Sale 2013 (HKLM-x32\...\{2F6FE8E0-A61C-4C2D-A601-F5731D8F7EF0}) (Version: 22.3.1029 - Intuit Inc.)
QuickBooks Premier: Accountant Edition 2012 (HKLM-x32\...\{2181214D-1954-4C60-91FD-EEA7EBB32022}) (Version: 22.0.4015.2206 - Intuit Inc.)
QuickBooks Premier: Accountant Edition 2013 (HKLM-x32\...\{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}) (Version: 23.0.4012.2305 - Intuit Inc.)
QuickBooks Premier: Accountant Edition 2014 (HKLM-x32\...\{48DCE40F-BD78-4EEA-B810-6F371716A5DD}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Premier: Accountant Edition 2015 (HKLM-x32\...\{D58E14D8-963A-4CCD-852E-065655D45004}) (Version: 25.0.4004.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Send Personally (HKLM-x32\...\{27525601-6772-407E-89C5-B58F492A5166}) (Version: 2.0.0 - MAPILab Ltd.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 1.02 - TaxACT, Inc.)
TaxACT 2014 North Carolina (HKLM-x32\...\TaxACT 2014 North Carolina) (Version: 1.01 - TaxACT, Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20121226 - Lenovo Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wondershare Video Editor(Build 4.8.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2586349100-3698439982-3723638625-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2586349100-3698439982-3723638625-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2586349100-3698439982-3723638625-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2586349100-3698439982-3723638625-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

09-02-2015 14:57:08 Installed Microsoft Visual C++ 2005 Redistributable
15-02-2015 08:18:22 Windows Update
21-02-2015 17:46:22 Removed Virtual Account Numbers
25-02-2015 18:22:10 QuickConnect
26-02-2015 00:44:07 Restore Operation
26-02-2015 09:18:51 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.0.4.1028
26-02-2015 09:19:34 Revo Uninstaller Pro's restore point - 5.exe
26-02-2015 09:22:37 Revo Uninstaller Pro's restore point - Virtual Account Numbers
26-02-2015 14:37:32 Revo Uninstaller Pro's restore point - Microsoft Office Professional 2013 - en-us

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2015-02-26 10:33 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ADE8652-BE4D-43B5-BDF7-CBDF50671985} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {1A25E098-476E-4E6B-B2F0-C07531C658D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {1BCDF244-9FB5-4B75-9FB2-56AD346BC30E} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {25A3AB43-B0B4-4B94-AE23-4EB0683DA687} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {2677FA62-798F-4282-923E-714221F4501E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {2D75E1E6-699E-49C8-A979-3AF45AEE1B07} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {2FCAB41C-97AA-4772-94D3-7A3F292CF4C0} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-03-19] (CyberLink Corp.)
Task: {52DBE744-C712-4847-864B-B0044B5CD9FC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {55DA4BD8-072F-4982-806B-E200E70490AF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {72539CE9-176E-41B2-BB1A-F43C6D0BF94F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
Task: {72B0945D-5152-4ED5-8983-C5CC4DE226D4} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {7B0C48B4-BBE7-43C5-9E85-D4F9D259FDBA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-19] (Realtek Semiconductor)
Task: {84003D20-F13A-47BA-9FF5-5B3B00ED87C9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {8C980335-7C06-4FFB-A5BD-1009D337AA0E} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2013-04-09] (Lenovo Group Limited)
Task: {95AE3888-DE02-4672-B906-5793644CC008} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {B15D23AC-F24E-4265-882B-26956C0460F4} - System32\Tasks\WinKit => C:\Users\Kathy\AppData\Roaming\PDFConvert\SWUpdate.exe [2014-11-25] ()
Task: {BDA7BB22-6988-432C-ACF0-FE89CC437A16} - System32\Tasks\Intel® Small Business Advantage\Notifier => C:\Program Files\Intel\Intel® Small Business Advantage\UI\SBA_Notifier.exe [2013-04-10] (Intel Corporation)
Task: {CAC88776-AA90-435C-96B1-3A8DC73E8DB8} - System32\Tasks\Winsta Update => C:\Program Files (x86)\Winsta\bin\Winsta.exe [2014-11-25] ()
Task: {E36B567E-3129-4428-9548-5E0FB214D37C} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {EAA6E964-671F-44FB-A92A-80624BEF0AFE} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {F455FAE4-94B6-4A30-BAE7-F161749580F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {F8A59AFE-319F-4D7A-A460-4C23E5AEBE95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {FA7E84CA-9A90-43D2-B5DA-8DA2E0F4333B} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-26 15:55 - 2015-02-26 15:55 - 06522480 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-06 11:00 - 2013-10-08 13:01 - 00027648 _____ () C:\windows\System32\dlnaflm.DLL
2014-11-06 11:00 - 2012-03-22 10:23 - 00032256 _____ () C:\windows\system32\spool\PRTPROCS\x64\dlnafPP.dll
2015-02-09 17:50 - 2015-01-20 04:45 - 00020240 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-01-25 11:22 - 2012-08-31 15:58 - 13980672 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dlnapRC.DLL
2014-01-25 11:22 - 2010-04-22 14:28 - 00678400 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dlnapips.DLL
2015-02-27 11:16 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-15 12:00 - 2013-11-15 12:00 - 00091632 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
2014-09-14 11:53 - 2014-06-23 19:47 - 00601376 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2013-11-15 12:00 - 2013-11-15 12:00 - 00253416 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
2013-11-15 12:00 - 2013-11-15 12:00 - 00239600 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
2014-01-15 21:37 - 2013-04-09 18:52 - 00035656 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2015-02-14 10:34 - 2015-02-14 10:34 - 01147904 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\0bdeb0544528971808b8a94e142d939c\Windows.UI.ni.dll
2015-02-27 08:21 - 2015-02-27 08:21 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-11 16:05 - 2014-11-11 16:05 - 00466032 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2014-06-23 19:44 - 2014-06-23 19:44 - 00546592 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2015-02-20 06:49 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 06:49 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 06:49 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-11-16 08:18 - 2014-11-16 08:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-27 15:04 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-10-27 15:04 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2010-07-13 01:28 - 2010-07-13 01:28 - 00856064 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 01:13 - 2010-07-13 01:13 - 00033792 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00233472 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00020480 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 21:23 - 2010-04-02 21:23 - 00815104 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 01:16 - 2010-07-13 01:16 - 00118784 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00009728 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 01:26 - 2010-07-13 01:26 - 00018432 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00010240 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00008704 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00028160 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00011776 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 20:44 - 2010-04-02 20:44 - 00086016 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 01:29 - 2010-07-13 01:29 - 00143360 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 01:10 - 2010-07-13 01:10 - 00172032 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
2015-02-10 09:51 - 2011-01-27 10:47 - 00558133 _____ () D:\Program Files (x86)\QODBC Driver for QuickBooks\QODBC Driver for QuickBooks\QRemote\Server\sqlite3.dll
2014-01-15 21:35 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2586349100-3698439982-3723638625-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2586349100-3698439982-3723638625-1008\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2586349100-3698439982-3723638625-1009\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Web Connector.lnk"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "StatusAutoRun"
HKLM\...\StartupApproved\Run32: => "Virtual Account Numbers"

==================== Accounts: =============================

Administrator (S-1-5-21-2586349100-3698439982-3723638625-500 - Administrator - Disabled)
Guest (S-1-5-21-2586349100-3698439982-3723638625-501 - Limited - Disabled)
John (S-1-5-21-2586349100-3698439982-3723638625-1004 - Administrator - Enabled) => C:\Users\John
Kathy (S-1-5-21-2586349100-3698439982-3723638625-1001 - Administrator - Enabled) => C:\Users\Kathy
QBDataServiceUser22 (S-1-5-21-2586349100-3698439982-3723638625-1007 - Limited - Enabled) => C:\Users\QBDataServiceUser22
QBDataServiceUser24 (S-1-5-21-2586349100-3698439982-3723638625-1008 - Limited - Enabled) => C:\Users\QBDataServiceUser24
QBPOSDBSrvUser (S-1-5-21-2586349100-3698439982-3723638625-1009 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 10:13:25 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (7332) An attempt to open the file "C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 09:24:47 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Spooler8

Error: (02/27/2015 08:37:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: MSHTML.dll, version: 10.0.9200.17228, time stamp: 0x54b33baa
Exception code: 0xc0000005
Fault offset: 0x0004ca5a
Faulting process id: 0x1c3c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (02/26/2015 04:06:10 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (4512) An attempt to open the file "C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/26/2015 02:37:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (02/26/2015 02:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (02/26/2015 01:54:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2400) An attempt to open the file "C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/26/2015 11:00:40 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (1196) An attempt to open the file "C:\Users\Kathy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/26/2015 10:37:06 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (1912) An attempt to open the file "C:\Users\Kathy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/26/2015 10:31:35 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageModificationEvent" whose target class "MSFT_StorageModificationEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.

System errors:
=============
Error: (02/27/2015 11:27:28 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/27/2015 11:27:24 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (02/27/2015 11:27:18 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (02/27/2015 11:27:18 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (02/27/2015 11:01:37 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/27/2015 11:01:33 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (02/27/2015 11:01:27 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (02/27/2015 11:01:27 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (02/27/2015 10:47:45 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/27/2015 10:47:42 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Microsoft Office Sessions:
=========================
Error: (02/27/2015 10:13:25 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex7332C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/27/2015 09:24:47 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Spooler8

Error: (02/27/2015 08:37:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2aMSHTML.dll10.0.9200.1722854b33baac00000050004ca5a1c3c01d0528f988792f1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dllca03d376-be85-11e4-bebd-fc4dd4f32d25

Error: (02/26/2015 04:06:10 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex4512C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/26/2015 02:37:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (02/26/2015 02:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (02/26/2015 01:54:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2400C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/26/2015 11:00:40 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex1196C:\Users\Kathy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/26/2015 10:37:06 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex1912C:\Users\Kathy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/26/2015 10:31:35 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage

==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 14%
Total physical RAM: 20404.54 MB
Available physical RAM: 17521.05 MB
Total Pagefile: 32630.54 MB
Available Pagefile: 29112.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:105.63 GB) (Free:19.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (New Volume) (Fixed) (Total:465.63 GB) (Free:427.62 GB) NTFS
Drive e: (Toshiba Canvio Hard Drive) (Fixed) (Total:931.41 GB) (Free:751.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 17C7E27B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A42490B7)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 deeprybka


Posted 27 February 2015 - 12:03 PM

Step 1

SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    5.exe
    
    :regfind
    5.exe
  • Click the [button image] button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the [button image] button.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 KathyS158


Posted 27 February 2015 - 12:06 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:05 on 27/02/2015 by Kathy
Administrator - Elevation successful

========== filefind ==========

Searching for "5.exe"
No files found.

========== regfind ==========

Searching for "5.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Advertised\Policy\AppPatch\v2.0.50727.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\AppPatch\v2.0.50727.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\AppPatch\v4.0.30319.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\MSMapiApps]
"inetsw95.exe"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Advertised\Policy\AppPatch\v2.0.50727.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\policy\AppPatch\v2.0.50727.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\policy\AppPatch\v4.0.30319.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Messaging Subsystem\MSMapiApps]
"inetsw95.exe"=""
[HKEY_USERS\S-1-5-21-2586349100-3698439982-3723638625-1008\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\Downloads\Setup_QuickBooksPremier2015.exe.FriendlyAppName"="Setup_QuickBooksPremier2015.exe"
[HKEY_USERS\S-1-5-21-2586349100-3698439982-3723638625-1008_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\Downloads\Setup_QuickBooksPremier2015.exe.FriendlyAppName"="Setup_QuickBooksPremier2015.exe"
[HKEY_USERS\S-1-5-21-2586349100-3698439982-3723638625-1009\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\Downloads\Setup_QuickBooksPremier2015.exe.FriendlyAppName"="Setup_QuickBooksPremier2015.exe"
[HKEY_USERS\S-1-5-21-2586349100-3698439982-3723638625-1009_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kathy\Downloads\Setup_QuickBooksPremier2015.exe.FriendlyAppName"="Setup_QuickBooksPremier2015.exe"

-= EOF =-
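Every regfind hit in the log above contains "5.exe" only as the tail of a longer name (DW15.exe, inetsw95.exe, Setup_QuickBooksPremier2015.exe). The following Python is an added example, not part of the thread or of SystemLook; it separates whole-file-name matches from that substring noise, and the function names and sample lines (including the SID and the Run-key entry) are constructed for illustration.

```python
import re

# Constructed sample in the regfind layout shown above: a bracketed key line,
# optionally followed by "name"="data" value lines. The SID and the Run-key
# entry are invented for illustration and do not come from the thread's log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\AppPatch\v4.0.30319.00000\DW15.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\MSMapiApps]
"inetsw95.exe"=""
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\Users\Example\AppData\Roaming\5.exe /s"
'''

def triage_regfind(log_text, target="5.exe"):
    """Label each regfind hit as a whole-file-name match or substring noise."""
    # Whole name: target starts the string or follows a path separator, quote,
    # bracket, '=' or whitespace, and is not followed by more name characters.
    exact = re.compile(r'(?<![^\\/"\[=\s])' + re.escape(target) + r'(?![\w.])',
                       re.IGNORECASE)
    hits, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key, text, where = line[1:-1], line[1:-1], "key"
        elif line.startswith('"') and key is not None:
            text, where = line, "value"
        else:
            continue  # section headers, blank lines, "No files found." etc.
        if target.lower() not in text.lower():
            continue  # key printed only as context for a value hit below it
        kind = "exact" if exact.search(text) else "substring"
        hits.append({"key": key, "where": where, "text": text, "kind": kind})
    return hits

def exact_hits(log_text, target="5.exe"):
    """Return only the hits that reference a file literally named `target`."""
    return [h for h in triage_regfind(log_text, target) if h["kind"] == "exact"]

if __name__ == "__main__":
    for hit in triage_regfind(SAMPLE):
        print(f'{hit["kind"]:9} {hit["where"]:5} {hit["key"]} :: {hit["text"]}')
```
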



#7 deeprybka


Posted 27 February 2015 - 12:09 PM

Are these popups gone or are they still there?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 KathyS158


Posted 27 February 2015 - 12:11 PM

Will reboot machine and let you know.

 

Kathy



#9 deeprybka


Posted 27 February 2015 - 12:11 PM

OK. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 KathyS158


Posted 27 February 2015 - 12:18 PM

Pop up appears 5 minutes into reboot. 



#11 KathyS158


Posted 27 February 2015 - 12:20 PM

If I close the popup that shows when I reboot - it doesn't seem to come back.


In the past it would keep popping up. Now it only seems to pop up when I first boot the machine.



#12 deeprybka


Posted 27 February 2015 - 12:25 PM

Now it only seems to pop up when I first boot the machine.


Please post a screenshot or picture.
 



regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 KathyS158


Posted 27 February 2015 - 12:37 PM

Please see attached picture.



#14 deeprybka


Posted 27 February 2015 - 12:40 PM

:) Please try it again or upload the picture here. http://www.filedropper.com/


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 KathyS158


Posted 27 February 2015 - 12:41 PM

Sorry about that.

Attached Files





