
Terdir.com the horrible. And deal top. grr.


  • This topic is locked
14 replies to this topic

#1 quicklycrazy


Posted 30 March 2015 - 03:01 AM

Nothing is picking this crap up.  At least nothing I have tried so far.  MBAM at least keeps blocking it.

 

Here's the logs:

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heather (administrator) on MINE on 30-03-2015 03:52:39
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather & UpdatusUser (Available profiles: Heather & UpdatusUser & Chiara)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Dell) C:\Users\Heather\AppData\Local\Apps\2.0\V9YA9KZK.K5Z\4KLORGEL.4NJ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Farbar) C:\Users\Heather\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-08-27] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [DellSystemDetect] => C:\Users\Heather\AppData\Local\Apps\2.0\V9YA9KZK.K5Z\4KLORGEL.4NJ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-11] (Dell)
HKU\S-1-5-21-4207824641-2776632091-801553687-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
Startup: C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4207824641-2776632091-801553687-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4207824641-2776632091-801553687-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4207824641-2776632091-801553687-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: [S-1-5-21-4207824641-2776632091-801553687-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {6D21BFE3-4AC6-4285-8DC1-3C9E3B3F2AE5} URL = http://search.findwide.com/serp?guid={8D3087A8-D893-4566-9715-3F3BC0A29D4F}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {710B9205-3055-40F0-BB08-084F93C27283} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {72E79FEC-909A-4D13-BC8B-4A73BBCF2165} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {DA7A02CB-80DA-403A-8460-DA2C3CDF14E5} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-19] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-19] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {DF72524A-E493-4989-B28E-2D113D4AAF05} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - No Name - {DF72524A-E493-4989-B28E-2D113D4AAF05} -  No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7CEA56B9-2B2F-4A70-9E73-63F2D0530E07}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\h2z2ppju.default-1427699787578
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\h2z2ppju.default-1427699787578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-30]

Chrome:
=======
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-24]
CHR Extension: (Google Docs) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-24]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-24]
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-24]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-24]
CHR Extension: (Google Sheets) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-24]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2015-03-30] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew01.sys [3354384 2015-01-06] (Intel Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 03:52 - 2015-03-30 03:53 - 00026835 _____ () C:\Users\Heather\Desktop\FRST.txt
2015-03-30 03:45 - 2015-03-30 03:45 - 02095616 _____ (Farbar) C:\Users\Heather\Desktop\FRST64 (1).exe
2015-03-30 03:44 - 2015-03-30 03:44 - 02095616 _____ (Farbar) C:\Users\Heather\Downloads\FRST64.exe
2015-03-30 03:16 - 2015-03-30 03:16 - 00000000 ____D () C:\Users\Heather\Desktop\Old Firefox Data
2015-03-30 01:21 - 2015-03-30 01:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-30 01:17 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-30 01:17 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-30 01:11 - 2015-03-30 01:11 - 02347384 _____ (ESET) C:\Users\Heather\Downloads\esetsmartinstaller_enu.exe
2015-03-30 01:11 - 2015-03-30 01:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-29 21:07 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-29 21:07 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-29 21:06 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-29 21:06 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-29 20:30 - 2015-03-29 20:47 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Heather.job
2015-03-29 20:30 - 2015-03-29 20:30 - 00003604 _____ () C:\WINDOWS\System32\Tasks\Norton Security Scan for Heather
2015-03-29 20:29 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-29 20:29 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-29 20:29 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-29 20:29 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-29 20:29 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-29 20:29 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-29 20:12 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-29 20:12 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-29 20:12 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-29 20:12 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-29 20:11 - 2015-03-29 20:12 - 02967032 _____ (Malwarebytes ) C:\Users\Heather\Downloads\mbae-setup-1.05.1.1016.exe
2015-03-29 20:11 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-29 20:11 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-29 20:10 - 2015-03-29 20:10 - 00065232 _____ (Malwarebytes) C:\Users\Heather\Downloads\regassassin-setup-1.03.exe
2015-03-29 20:10 - 2015-03-29 20:10 - 00000000 ____D () C:\82acdb2eda0fa2c44e22bd
2015-03-29 20:08 - 2015-03-29 20:08 - 04909382 _____ () C:\Users\Heather\Desktop\mbam-chameleon-3.1.7.0(1).zip
2015-03-29 20:08 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-29 20:08 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-29 20:08 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-29 20:08 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-29 20:08 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-29 20:08 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-29 20:07 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-29 20:07 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-29 20:07 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-29 20:07 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-29 20:07 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-29 20:07 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-29 20:07 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-29 20:05 - 2015-03-29 20:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Heather\Downloads\mbar-1.09.1.1004.exe
2015-03-29 20:01 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-29 20:01 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-29 20:01 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-29 20:01 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-29 20:01 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-29 20:01 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-29 20:01 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-29 20:01 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-29 20:01 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-29 20:01 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-29 20:01 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-29 20:01 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-29 19:59 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-29 19:59 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-29 19:59 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-29 19:59 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-29 19:36 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-29 19:36 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-29 19:36 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-29 19:36 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-29 19:35 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-29 19:35 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-29 19:35 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-29 19:35 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-29 13:58 - 2015-03-30 03:00 - 00000539 _____ () C:\WINDOWS\setupact.log
2015-03-29 13:58 - 2015-03-29 21:00 - 00538870 _____ () C:\WINDOWS\PFRO.log
2015-03-29 13:58 - 2015-03-29 13:58 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-29 06:41 - 2015-03-30 03:47 - 01924201 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-29 05:49 - 2014-12-11 19:36 - 00002120 _____ () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-03-29 05:43 - 2015-03-29 05:43 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-29 05:43 - 2015-03-29 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-29 05:42 - 2015-03-29 05:43 - 00000000 ____D () C:\Program Files\iTunes
2015-03-29 05:42 - 2015-03-29 05:42 - 00000000 ____D () C:\Program Files\iPod
2015-03-29 05:42 - 2015-03-29 05:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-29 05:37 - 2015-03-29 05:37 - 00880208 _____ (Google Inc.) C:\Users\Heather\Downloads\ChromeSetup.exe
2015-03-29 04:59 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-29 04:59 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-29 04:37 - 2015-03-29 04:40 - 05346704 _____ (Piriform Ltd) C:\Users\Heather\Downloads\ccsetup504pro.exe
2015-03-28 22:31 - 2015-03-28 22:32 - 00084277 _____ () C:\Users\Heather\Downloads\FRST.txt
2015-03-28 22:23 - 2015-03-28 22:23 - 00000706 _____ () C:\Users\Heather\Desktop\JRT.txt
2015-03-28 20:28 - 2015-03-29 07:44 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-28 20:28 - 2015-03-28 20:30 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-25 17:49 - 2015-03-29 13:58 - 00000000 ____D () C:\WINDOWS\Sun
2015-03-25 04:36 - 2015-03-25 04:36 - 04909382 _____ () C:\Users\Heather\Downloads\mbam-chameleon-3.1.7.0.zip
2015-03-25 04:35 - 2015-03-29 07:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-03-25 04:35 - 2015-03-28 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-25 03:43 - 2015-03-29 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-25 03:42 - 2015-03-29 23:28 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2015-03-25 01:08 - 2015-03-25 01:08 - 00007615 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2015-03-24 22:06 - 2015-03-28 21:55 - 00000000 ____D () C:\AdwCleaner
2015-03-24 22:00 - 2015-03-24 22:01 - 00041423 _____ () C:\Users\Heather\Downloads\Addition.txt
2015-03-24 21:59 - 2015-03-30 03:52 - 00000000 ____D () C:\FRST
2015-03-24 17:27 - 2015-03-24 17:27 - 51970048 _____ () C:\WINDOWS\system32\config\COMPONENTS.iobit
2015-03-24 17:05 - 2015-03-24 17:05 - 00000000 ____D () C:\Program Files\Java
2015-03-24 16:47 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-03-24 16:47 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-03-21 21:15 - 2015-03-21 21:15 - 05234688 _____ () C:\WINDOWS\system32\config\DRIVERS.iobit
2015-03-21 19:07 - 2015-03-21 19:07 - 00401408 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2015-03-21 19:07 - 2015-03-21 19:07 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-03-21 19:07 - 2015-03-21 19:07 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-03-21 19:06 - 2015-03-21 19:07 - 90669056 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2015-03-21 19:04 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-21 19:03 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\IObit
2015-03-21 19:03 - 2015-03-24 19:00 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\IObit
2015-03-21 19:03 - 2015-03-24 16:47 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-21 19:03 - 2015-03-21 19:03 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-03-21 19:03 - 2015-03-21 19:03 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-21 14:47 - 2015-03-21 15:22 - 00005535 _____ () C:\Users\Heather\Downloads\umbrella.log
2015-03-21 14:47 - 2015-03-21 15:22 - 00001930 _____ () C:\Users\Heather\umbrella0.log
2015-03-21 14:47 - 2015-03-21 14:47 - 00000000 ____D () C:\Users\Heather\.shsh
2015-03-21 12:27 - 2015-03-21 12:27 - 00000015 _____ () C:\Users\Heather\apple.txt
2015-03-21 11:41 - 2015-03-29 05:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-19 21:08 - 2015-03-24 16:40 - 00004369 _____ () C:\Users\Heather\Sti_Trace.log
2015-03-19 21:07 - 2015-03-19 21:09 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Epson
2015-03-19 20:59 - 2015-03-19 20:59 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Leadertech
2015-03-19 20:52 - 2015-03-19 20:52 - 00000000 ____D () C:\Program Files (x86)\epson
2015-03-19 20:51 - 2015-03-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-19 20:51 - 2015-03-19 20:52 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-03-19 20:51 - 2015-03-19 20:51 - 00000000 ____D () C:\Program Files\EpsonNet
2015-03-19 20:51 - 2015-03-19 20:51 - 00000000 ____D () C:\Program Files\EPSON
2015-03-19 19:48 - 2015-03-19 21:22 - 00000000 ____D () C:\Users\Heather\Desktop\check stubs
2015-03-19 19:31 - 2015-03-04 17:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-19 19:31 - 2015-03-04 17:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 22:31 - 2015-03-29 23:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-13 19:36 - 2015-03-30 02:05 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F67859B4-9425-4C5A-A49E-D08A71D29D67}
2015-03-13 19:35 - 2015-03-13 19:35 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2015-03-13 19:35 - 2015-03-13 19:35 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2015-03-13 19:35 - 2015-03-13 19:35 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieBrowserModeList
2015-03-13 18:51 - 2015-03-13 18:51 - 00000000 ____D () C:\Users\Heather\AppData\Local\Deployment
2015-03-13 17:44 - 2015-03-13 17:44 - 00001331 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-03-13 17:44 - 2015-03-13 17:44 - 00001319 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-03-13 17:39 - 2015-03-13 17:57 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (3)
2015-03-11 10:55 - 2015-03-30 02:55 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {D40A601B-C86B-4794-9D35-02CD3DA773B9}.job
2015-03-11 10:55 - 2015-03-30 02:55 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {D40A601B-C86B-4794-9D35-02CD3DA773B9}.job
2015-03-11 10:55 - 2015-03-29 07:51 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-03-11 10:55 - 2015-03-11 10:55 - 00003960 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {D40A601B-C86B-4794-9D35-02CD3DA773B9}
2015-03-11 10:55 - 2015-03-11 10:55 - 00003774 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {D40A601B-C86B-4794-9D35-02CD3DA773B9}
2015-03-11 10:54 - 2015-03-29 05:33 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-11 10:54 - 2014-12-02 04:46 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLBE.DLL
2015-03-11 10:54 - 2014-12-02 04:46 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLBE.DLL
2015-03-11 10:54 - 2014-12-02 04:46 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2015-03-11 10:51 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 10:51 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 10:51 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 10:51 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 10:51 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 10:51 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 10:51 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 10:51 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 10:51 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 10:51 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 10:51 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 10:51 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 10:51 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 10:51 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 10:51 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 10:51 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 10:51 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 10:51 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 10:51 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 10:51 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 10:51 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 10:51 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 10:51 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 10:51 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 10:51 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 10:51 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 10:51 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 10:51 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 10:51 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 10:51 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 10:51 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 10:51 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 10:51 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 10:51 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 10:51 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 10:51 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 10:51 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 10:51 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 10:51 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 10:51 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 10:51 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 10:51 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 10:51 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-11 10:51 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-11 10:51 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-11 10:51 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-11 10:51 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-11 10:51 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-11 10:51 - 2014-11-09 19:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-11 10:51 - 2014-11-09 19:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-11 10:51 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-11 10:51 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-11 10:50 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 10:50 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 10:50 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 10:50 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 10:50 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 10:50 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 10:50 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 10:50 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 10:50 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 10:50 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 10:50 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 10:50 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 10:50 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 10:50 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 10:50 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 10:50 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 10:50 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 10:50 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 10:50 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 10:50 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 10:50 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-03-11 10:50 - 2014-10-28 22:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-11 10:50 - 2014-10-28 22:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-11 10:50 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-11 10:50 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-11 10:50 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-11 10:50 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-11 10:50 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-11 10:50 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-11 10:47 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 10:47 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 03:43 - 2012-12-22 05:28 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 03:37 - 2012-12-23 14:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-30 03:17 - 2014-07-31 03:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 03:09 - 2015-01-28 21:06 - 00000000 ____D () C:\Users\Heather\OneDrive
2015-03-30 03:07 - 2014-12-11 19:37 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\ClassicShell
2015-03-30 03:07 - 2012-12-30 15:00 - 00000000 ____D () C:\Users\Heather\AppData\Local\Adobe
2015-03-30 03:06 - 2014-11-21 04:44 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-30 03:04 - 2012-12-22 05:28 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 03:00 - 2015-01-28 20:16 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.dll
2015-03-30 03:00 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-30 03:00 - 2012-12-22 04:44 - 00069792 ____N (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2015-03-30 02:59 - 2015-01-28 20:15 - 00029336 _____ () C:\WINDOWS\system32\wpbbin.exe
2015-03-30 02:59 - 2015-01-28 20:15 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.exe
2015-03-30 02:59 - 2015-01-28 20:15 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2015-03-30 02:59 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-30 02:59 - 2012-12-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-30 02:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-30 02:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-30 02:04 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-30 02:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-30 01:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-30 01:42 - 2012-12-22 04:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4207824641-2776632091-801553687-1001
2015-03-30 00:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-30 00:06 - 2014-07-31 03:04 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-29 23:58 - 2013-08-22 10:44 - 05103256 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-29 23:56 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\UpdatusUser.Mine
2015-03-29 23:54 - 2014-11-21 11:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-29 21:07 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-29 21:00 - 2012-12-22 05:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Chiara.Mine
2015-03-29 08:09 - 2015-01-28 20:19 - 00000000 ____D () C:\Program Files\IDT
2015-03-29 08:09 - 2014-11-27 20:54 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-03-29 08:09 - 2014-11-21 04:25 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-29 08:09 - 2014-11-21 04:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-29 08:09 - 2014-09-29 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-03-29 08:09 - 2014-05-09 21:22 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
2015-03-29 08:09 - 2013-12-16 05:08 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\DesktopTileResources
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\zh-HK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\uk-UA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\tr-TR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\th-TH
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sl-SI
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sk-SK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ro-RO
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Recovery
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ras
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\lv-LV
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\lt-LT
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InstallShield
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\hr-HR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\he-IL
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\et-EE
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Bthprops
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\bg-BG
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ar-SA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ras
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ias
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Bthprops
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system\Speech
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\addins
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\downlevel
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\downlevel
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-29 08:09 - 2013-04-08 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCR Media Formats
2015-03-29 08:09 - 2012-12-26 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-29 08:09 - 2012-12-22 23:27 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-03-29 08:09 - 2012-12-22 22:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-29 08:09 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-29 07:54 - 2015-01-28 21:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-03-29 07:54 - 2014-12-11 22:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-29 07:54 - 2014-12-11 22:29 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-29 07:54 - 2014-11-27 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Speech
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MsDtc
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Licenses
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\System
2015-03-29 07:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\SMI
2015-03-29 07:54 - 2013-01-27 18:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-03-29 07:54 - 2012-12-23 02:39 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dell
2015-03-29 07:53 - 2013-12-16 05:08 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NSSx64
2015-03-29 07:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-03-29 07:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Licenses
2015-03-29 07:53 - 2013-08-22 10:45 - 00000000 ____D () C:\WINDOWS\Setup
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:52 - 2014-12-12 01:43 - 00000000 ___RD () C:\Users\Heather\Creative Cloud Files
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\NVI2
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\NV3DVisionUSB.Driver
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\NV3DVision
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\MS.NET
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\HDAudio
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\GFExperience
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.Update
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.Optimus
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.NView
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.Driver
2015-03-29 07:52 - 2014-12-11 21:37 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 07:52 - 2013-12-16 05:08 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T
2015-03-29 07:52 - 2013-12-16 04:53 - 00000000 ____D () C:\Users\Heather\AppData\Local\FreeVideoPlayer
2015-03-29 07:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Branding
2015-03-29 07:52 - 2013-04-24 19:14 - 00000000 ____D () C:\Users\Heather\AppData\Local\HP
2015-03-29 07:52 - 2013-04-20 22:58 - 00000000 ____D () C:\Users\Heather\Downloads\In.Bruges[2008]DvDrip-aXXo
2015-03-29 07:52 - 2013-04-05 13:50 - 00000000 ____D () C:\Users\Heather\AppData\Local\SwvUpdater
2015-03-29 07:52 - 2013-04-05 12:23 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Intel WiDi
2015-03-29 07:52 - 2013-04-05 12:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Intel
2015-03-29 07:52 - 2013-04-05 00:35 - 00000000 ____D () C:\Users\Heather\Downloads\Oz.the.Great.and.Powerful.2013.HDTS.XVID.AC3.HQ.Hive-CM8
2015-03-29 07:52 - 2013-04-04 21:16 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\uTorrent
2015-03-29 07:52 - 2012-12-22 05:19 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Thunderbird
2015-03-29 07:52 - 2012-12-22 04:45 - 00000000 ____D () C:\Users\Heather\AppData\Local\VirtualStore
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:51 - 2015-02-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT
2015-03-29 07:51 - 2015-02-01 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-03-29 07:51 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-29 07:51 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:51 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:51 - 2015-01-28 20:19 - 00000000 ____D () C:\Program Files\DellTPad
2015-03-29 07:51 - 2015-01-28 20:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-29 07:51 - 2014-12-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 07:51 - 2014-12-11 23:29 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-29 07:51 - 2014-12-11 23:28 - 00000000 ____D () C:\Program Files\My Dell
2015-03-29 07:51 - 2014-12-11 19:37 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-03-29 07:51 - 2014-12-11 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-03-29 07:51 - 2014-12-11 19:36 - 00000000 ____D () C:\Program Files\Classic Shell
2015-03-29 07:51 - 2014-12-11 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-29 07:51 - 2014-09-29 14:00 - 00000000 ____D () C:\Program Files\Recuva
2015-03-29 07:51 - 2014-07-31 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\tperFectcouuppOoN
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\hpbhddnlllomglndnajlgojofomigfob
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\DownloADuitkeep
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\3b6b9379fcbda85e
2015-03-29 07:51 - 2013-12-16 05:08 - 00000000 ____D () C:\ProgramData\Norton
2015-03-29 07:51 - 2013-12-16 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2015-03-29 07:51 - 2013-10-14 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAVE Downloader
2015-03-29 07:51 - 2013-04-24 19:14 - 00000000 ____D () C:\ProgramData\Visan
2015-03-29 07:51 - 2013-04-24 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-29 07:51 - 2013-04-24 19:14 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2015-03-29 07:51 - 2013-04-08 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-29 07:51 - 2013-04-05 02:08 - 00000000 ____D () C:\ProgramData\Wincert
2015-03-29 07:51 - 2013-01-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-03-29 07:51 - 2013-01-21 19:12 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-03-29 07:51 - 2013-01-19 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-29 07:51 - 2013-01-19 19:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-29 07:51 - 2012-12-23 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-03-29 07:51 - 2012-12-22 22:53 - 00000000 ____D () C:\Users\Heather\AppData\Local\Akamai
2015-03-29 07:51 - 2012-12-22 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:50 - 2015-02-01 18:42 - 00000000 ____D () C:\Program Files (x86)\Intel Driver Update Utility
2015-03-29 07:50 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-29 07:50 - 2014-07-31 03:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 07:50 - 2014-05-09 21:23 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2015-03-29 07:50 - 2014-05-09 21:22 - 00000000 ____D () C:\Program Files (x86)\Essentials Codec Pack
2015-03-29 07:50 - 2014-05-09 21:21 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-29 07:50 - 2013-12-16 05:08 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2015-03-29 07:50 - 2013-12-16 05:08 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2015-03-29 07:50 - 2013-04-24 19:14 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2015-03-29 07:50 - 2013-04-08 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2015-03-29 07:50 - 2013-04-08 19:14 - 00000000 ____D () C:\Program Files (x86)\NCR Media Formats
2015-03-29 07:50 - 2013-04-08 19:14 - 00000000 ____D () C:\Program Files (x86)\NCR Label Formats for MS Word Setup
2015-03-29 07:50 - 2013-04-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-03-29 07:50 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-29 07:50 - 2013-01-19 19:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-29 07:50 - 2012-12-23 07:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-29 07:50 - 2012-12-23 00:21 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2015-03-29 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Vss
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-03-29 06:18 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-03-29 06:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\spp
2015-03-29 06:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\networklist
2015-03-29 06:17 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Heather
2015-03-29 06:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-03-29 06:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-03-29 06:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SystemResources
2015-03-29 06:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2015-03-29 06:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spp
2015-03-29 06:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-29 06:13 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-03-29 06:13 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Speech
2015-03-29 06:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\networklist
2015-03-29 06:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MsDtc
2015-03-29 06:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-03-29 06:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\InputMethod
2015-03-29 06:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-03-29 06:01 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\Configuration
2015-03-29 05:59 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Speech
2015-03-29 05:59 - 2012-12-22 04:42 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2015-03-29 05:58 - 2013-02-08 19:00 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2015-03-29 05:57 - 2014-11-21 04:25 - 00000000 ____D () C:\WINDOWS\SKB
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PLA
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-03-29 05:48 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2015-03-29 05:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-29 05:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization
2015-03-29 05:45 - 2013-04-07 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-29 05:45 - 2012-12-26 05:19 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 05:45 - 2012-12-22 05:19 - 00002112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-29 05:45 - 2012-12-22 05:19 - 00002100 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-03-29 05:44 - 2013-04-01 23:33 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-29 05:44 - 2013-04-01 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-29 05:44 - 2013-04-01 23:33 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-29 05:42 - 2014-01-16 02:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-29 05:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-03-29 05:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\ADFS
2015-03-29 05:42 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-29 05:40 - 2015-02-01 22:03 - 00000000 ____D () C:\Users\Heather\Documents\TAXACT 2014
2015-03-29 05:40 - 2013-03-28 13:45 - 00000000 ____D () C:\Users\Heather\Documents\Fax
2015-03-29 05:39 - 2014-12-11 23:27 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\PCDr
2015-03-29 05:39 - 2013-03-30 22:34 - 00000000 ____D () C:\Users\Heather\Desktop\Adobe
2015-03-29 05:39 - 2013-03-28 13:01 - 00000000 ____D () C:\Users\Heather\Desktop\Adobe Photoshop CS6
2015-03-29 05:39 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-29 05:39 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-29 05:39 - 2013-01-01 03:39 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Mozilla
2015-03-29 05:39 - 2012-12-22 23:25 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Intel
2015-03-29 05:39 - 2012-12-22 05:28 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-29 05:39 - 2012-12-22 04:48 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Macromedia
2015-03-29 05:39 - 2012-12-22 04:46 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Adobe
2015-03-29 05:38 - 2012-12-22 05:28 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-29 05:38 - 2012-12-22 05:28 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-29 05:38 - 2012-12-22 04:45 - 00000000 ____D () C:\Users\Heather\AppData\Local\Packages
2015-03-29 05:37 - 2013-01-27 18:22 - 00000000 ____D () C:\ProgramData\Apple
2015-03-29 05:37 - 2012-12-22 04:49 - 00000000 ____D () C:\Users\Heather\AppData\Local\Mozilla
2015-03-29 05:36 - 2015-02-01 22:03 - 00000000 ____D () C:\TaxACT
2015-03-29 05:36 - 2014-12-11 23:29 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-29 05:36 - 2014-12-10 19:33 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Roaming\Mozilla
2015-03-29 05:36 - 2014-12-10 19:33 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Local\Mozilla
2015-03-29 05:36 - 2014-12-10 19:24 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Roaming\Intel
2015-03-29 05:36 - 2014-12-10 19:24 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Local\Packages
2015-03-29 05:36 - 2013-12-16 05:09 - 00000000 ____D () C:\Users\Heather\AppData\Local\Mobogenie
2015-03-29 05:36 - 2013-12-16 05:08 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-29 05:36 - 2013-11-23 18:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 05:36 - 2013-09-30 22:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-29 05:36 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-03-29 05:36 - 2013-01-25 09:14 - 00000000 ____D () C:\Users\Heather\AppData\Local\Apps\2.0
2015-03-29 05:36 - 2012-12-22 05:28 - 00000000 ____D () C:\Users\Heather\AppData\Local\Google
2015-03-29 05:36 - 2012-12-22 04:41 - 00000000 ____D () C:\Users\Administrator
2015-03-29 05:35 - 2014-12-12 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-03-29 05:35 - 2014-12-11 19:20 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-29 05:35 - 2013-09-30 22:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-29 05:35 - 2012-12-22 04:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-29 05:33 - 2013-04-24 18:58 - 00000000 ____D () C:\ProgramData\HP
2015-03-29 05:33 - 2013-04-05 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 05:33 - 2013-01-27 18:23 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-29 05:33 - 2012-12-23 14:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-29 05:33 - 2012-12-23 07:16 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-29 05:33 - 2012-12-22 23:31 - 00000000 ____D () C:\ProgramData\Dell
2015-03-29 05:33 - 2012-12-22 23:22 - 00000000 ____D () C:\ProgramData\Intel
2015-03-29 05:32 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-29 05:32 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-03-29 05:32 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-29 05:29 - 2013-04-08 19:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-29 05:28 - 2012-12-22 23:24 - 00000000 ____D () C:\Program Files\Intel
2015-03-29 05:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 05:27 - 2013-04-24 19:14 - 00000000 ____D () C:\Program Files\HP
2015-03-29 05:27 - 2013-03-28 13:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-29 05:27 - 2012-12-22 23:31 - 00000000 ____D () C:\Program Files\Dell
2015-03-29 05:27 - 2012-12-22 04:54 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-03-29 05:25 - 2013-03-28 13:51 - 00000000 ____D () C:\Program Files\Adobe
2015-03-29 05:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-03-29 05:23 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-29 05:23 - 2015-01-28 20:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 05:23 - 2014-12-12 00:02 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-03-29 05:23 - 2014-09-19 04:20 - 00000000 ____D () C:\Program Files (x86)\RockResult
2015-03-29 05:23 - 2012-12-22 23:23 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-29 05:22 - 2015-01-28 20:19 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-29 05:22 - 2013-04-24 18:55 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-29 05:22 - 2013-04-08 19:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-29 05:22 - 2012-12-22 23:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 05:21 - 2013-10-14 15:50 - 00000000 ____D () C:\Program Files (x86)\Convergys
2015-03-29 05:21 - 2013-04-24 18:55 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-29 05:21 - 2012-12-22 05:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-29 05:20 - 2015-02-01 18:53 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-29 05:19 - 2012-12-28 19:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-29 04:56 - 2012-12-26 05:19 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-29 04:00 - 2015-02-01 20:14 - 00000000 _____ () C:\Recovery.txt
2015-03-21 23:10 - 2013-01-27 18:24 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Apple Computer
2015-03-21 19:11 - 2015-01-28 23:14 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-21 17:18 - 2012-12-22 05:19 - 00000000 ____D () C:\Users\Heather\AppData\Local\Thunderbird
2015-03-19 21:11 - 2014-12-12 03:55 - 00000000 ____D () C:\Users\Heather\Desktop\christmas
2015-03-19 19:40 - 2012-12-23 14:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-13 22:31 - 2013-09-26 03:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-03 09:17 - 2014-12-11 21:20 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-25 01:08 - 2015-03-25 01:08 - 0007615 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2012-12-22 23:20 - 2012-12-22 23:22 - 0015872 _____ () C:\Users\Heather\AppData\Local\WiDiSetupLog.20121222.192043.txt
2012-12-22 23:31 - 2012-12-22 23:33 - 0025338 _____ () C:\Users\Heather\AppData\Local\WiDiSetupLog.20121222.193113.txt
2012-12-23 00:23 - 2012-12-23 00:25 - 0027588 _____ () C:\Users\Heather\AppData\Local\WiDiSetupLog.20121222.202359.txt
2013-04-24 19:14 - 2013-04-24 19:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-25 16:08 - 2013-01-17 18:09 - 0007680 _____ () C:\ProgramData\Z@!-030d8585-e30e-4ae5-b275-59206cb5a299.tmp
2013-11-25 16:12 - 2013-01-17 18:09 - 0007680 _____ () C:\ProgramData\Z@!-81030719-e458-4e7f-b787-81cfc1933dd9.tmp
2013-11-25 16:12 - 2013-01-17 18:09 - 0007168 _____ () C:\ProgramData\Z@S!-40a7073e-96bf-47bf-a8e2-8ff8f24ef30a.tmp
2013-11-25 16:08 - 2013-01-17 18:09 - 0007168 _____ () C:\ProgramData\Z@S!-95ec5bda-b5a7-49cb-9798-808710913bd9.tmp

Files to move or delete:
====================
C:\Users\Heather\7720A11.exe
C:\Users\Heather\Application_Intel_W78_A00_Setup-P41WG_ZPE.exe
C:\Users\Heather\Application_Intel_W7_A00_Setup-DF46Y_ZPE.exe
C:\Users\Heather\Application_Intel_W8_A01_Setup-V3DDH_ZPE.exe
C:\Users\Heather\Application_Intel_W8_A02_Setup-NPPC8_ZPE.exe
C:\Users\Heather\APP_Quickset_W7W8_A05_NY82X-Setup_ZPE.exe
C:\Users\Heather\App_TBTMonitor_W78_A00_Setup-X3CV1_ZPE.exe
C:\Users\Heather\Audio_IDT_W7W8_A02_3F35Y-Setup_ZPE.exe
C:\Users\Heather\CardReader_Realtek_W7_A00_Setup-MJND3_ZPE.exe
C:\Users\Heather\CardReader_Realtek_W8_A00_Setup-XP14R_ZPE.exe
C:\Users\Heather\Chipset_Intel_A00_Setup-C0G85_ZPE.exe
C:\Users\Heather\Chipset_Intel_A00_Setup-X685F_ZPE.exe
C:\Users\Heather\Chipset_Intel_W7_A01_Setup-JH8MG_ZPE.exe
C:\Users\Heather\Chipset_Intel_W8_A00_Setup-J6J56_ZPE.exe
C:\Users\Heather\DellDigitalDelivery.2.2.2000.0_Install_ZPE.exe
C:\Users\Heather\DellDigitalDelivery.Release.2.1.1000.0_ZPE.exe
C:\Users\Heather\Input_ALPS_W7_A01_Setup-R2GJ4_ZPE.exe
C:\Users\Heather\Input_ALPS_W8_A01_Setup-VWWPP_ZPE.exe
C:\Users\Heather\LOM_Realtek_W7_A01_Setup-64MJX_ZPE.exe
C:\Users\Heather\Network_Intel_BT_W84_A02_Setup-FMJWY_ZPE.exe
C:\Users\Heather\Network_Intel_W74_A01_Setup-3WV2F_ZPE.exe
C:\Users\Heather\Network_Intel_W84_A02_Setup-6YX1K_ZPE.exe
C:\Users\Heather\SATA_Intel_W8_A00_Setup-TVTKH_ZPE.exe
C:\Users\Heather\SATA_Intel_W8_A01_Setup-52H8F_ZPE.exe
C:\Users\Heather\Video_Intel_W74_A02_Setup-WP8X9_ZPE.exe
C:\Users\Heather\Video_Intel_W784_A02_Setup-HV148_ZPE.exe
C:\Users\Heather\Video_Nvidia_W78_64_A03_Setup_M3N33_ZPE.exe


Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\mpam-4486488f.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-30 03:32

==================== End Of Log ============================

Attached File  Addition.txt   42.26KB   5 downloads
Attached File  FRST.txt   91.59KB   0 downloads


Edited by quicklycrazy, 30 March 2015 - 03:03 AM.




#2 quicklycrazy


Posted 30 March 2015 - 03:09 AM

I happened to notice updatususer as an account... it isn't listed under my user accounts and I have no earthly idea what it is. My cousin did have an account on here when he borrowed my computer for work purposes, and I assumed he deleted it correctly, but perhaps not? Updating to add, he did follow proper removal procedure... so no clue what this is.

Edited by quicklycrazy, 30 March 2015 - 03:45 AM.


#3 deeprybka

  • Malware Response Team

Posted 30 March 2015 - 11:16 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Group Policy on Chrome detected 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    CHR HKU\S-1-5-21-4207824641-2776632091-801553687-1001\SOFTWARE\Policies\Google: Policy restriction 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    URLSearchHook: [S-1-5-21-4207824641-2776632091-801553687-1004] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
    Toolbar: HKLM - No Name - {DF72524A-E493-4989-B28E-2D113D4AAF05} -  No File
    Toolbar: HKLM-x32 - No Name - {DF72524A-E493-4989-B28E-2D113D4AAF05} -  No File
    Tcpip\..\Interfaces\{7CEA56B9-2B2F-4A70-9E73-63F2D0530E07}: [NameServer] 81.218.119.15,199.203.35.75
    Task: {05DA3E3C-B492-4CAA-B9E1-1C84DE98C29D} - \Yahoo! Search Updater No Task File 
    Task: {3AE3EDCB-0A45-42C7-9153-5FA4F4037822} - \Yahoo! Search No Task File 
    Task: {515C11D7-9812-4A41-A88B-FEDBBC957908} - \Advanced System Protector_startup No Task File 
    Task: {8B0D0A28-894F-4435-BFA1-AA2139F4A5FD} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe 
    Task: {9D613E25-2E71-4542-9E24-22B186DF777B} - \RegClean Pro No Task File 
    C:\Program Files (x86)\RegClean Pro
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
 

I happened to notice updatususer as an account.

 
Please have a look:
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/what-is-the-updatususer-account-in-my-accounts-for/08c759b6-124d-e011-8dfc-68b599b31bf5
 
Step 2

MiniToolBox
  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
    • [two checkboxes shown as screenshots in the original post]
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

Edited by deeprybka, 30 March 2015 - 11:17 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#4 quicklycrazy


Posted 30 March 2015 - 03:10 PM

Thanks for your personalized help.

 

fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Heather at 2015-03-30 15:58:46 Run:1
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather & UpdatusUser (Available profiles: Heather & UpdatusUser & Chiara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
CHR HKU\S-1-5-21-4207824641-2776632091-801553687-1001\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
URLSearchHook: [S-1-5-21-4207824641-2776632091-801553687-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
Toolbar: HKLM - No Name - {DF72524A-E493-4989-B28E-2D113D4AAF05} -  No File
Toolbar: HKLM-x32 - No Name - {DF72524A-E493-4989-B28E-2D113D4AAF05} -  No File
Tcpip\..\Interfaces\{7CEA56B9-2B2F-4A70-9E73-63F2D0530E07}: [NameServer] 81.218.119.15,199.203.35.75
Task: {05DA3E3C-B492-4CAA-B9E1-1C84DE98C29D} - \Yahoo! Search Updater No Task File
Task: {3AE3EDCB-0A45-42C7-9153-5FA4F4037822} - \Yahoo! Search No Task File
Task: {515C11D7-9812-4A41-A88B-FEDBBC957908} - \Advanced System Protector_startup No Task File
Task: {8B0D0A28-894F-4435-BFA1-AA2139F4A5FD} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe
Task: {9D613E25-2E71-4542-9E24-22B186DF777B} - \RegClean Pro No Task File
C:\Program Files (x86)\RegClean Pro
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4207824641-2776632091-801553687-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Error setting Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key not found.
"HKU\S-1-5-21-4207824641-2776632091-801553687-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DF72524A-E493-4989-B28E-2D113D4AAF05} => value deleted successfully.
HKCR\CLSID\{DF72524A-E493-4989-B28E-2D113D4AAF05} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DF72524A-E493-4989-B28E-2D113D4AAF05} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{DF72524A-E493-4989-B28E-2D113D4AAF05} => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7CEA56B9-2B2F-4A70-9E73-63F2D0530E07}\\NameServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05DA3E3C-B492-4CAA-B9E1-1C84DE98C29D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05DA3E3C-B492-4CAA-B9E1-1C84DE98C29D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AE3EDCB-0A45-42C7-9153-5FA4F4037822}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AE3EDCB-0A45-42C7-9153-5FA4F4037822}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{515C11D7-9812-4A41-A88B-FEDBBC957908}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{515C11D7-9812-4A41-A88B-FEDBBC957908}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B0D0A28-894F-4435-BFA1-AA2139F4A5FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B0D0A28-894F-4435-BFA1-AA2139F4A5FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D613E25-2E71-4542-9E24-22B186DF777B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D613E25-2E71-4542-9E24-22B186DF777B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
"C:\Program Files (x86)\RegClean Pro" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 15:58:49 ====

 

MTB result:

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Heather (administrator) on 30-03-2015 at 16:06:07
Running from "C:\Users\Heather\Desktop"
Microsoft Windows 8.1  (X64)
Model: Inspiron 7720 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_17" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mine
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : 84-A6-C8-BF-F0-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 86-A6-C8-BF-F0-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 84-A6-C8-BF-F0-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 5C-F9-DD-50-69-AC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 84-A6-C8-BF-F0-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2808:aeb5:4a03:ca3f%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 30, 2015 4:02:45 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 31, 2015 4:02:49 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 260351688
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-67-29-42-84-A6-C8-BF-F0-F9
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:80d::1004
      173.194.123.104
      173.194.123.102
      173.194.123.103
      173.194.123.101
      173.194.123.105
      173.194.123.99
      173.194.123.100
      173.194.123.98
      173.194.123.97
      173.194.123.110
      173.194.123.96


Pinging google.com [173.194.123.96] with 32 bytes of data:
Reply from 173.194.123.96: bytes=32 time=38ms TTL=53
Reply from 173.194.123.96: bytes=32 time=34ms TTL=53

Ping statistics for 173.194.123.96:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 38ms, Average = 36ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=52ms TTL=50
Reply from 98.139.183.24: bytes=32 time=51ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 52ms, Average = 51ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...84 a6 c8 bf f0 fd ......Bluetooth Device (Personal Area Network) #2
  8...86 a6 c8 bf f0 f9 ......Microsoft Hosted Network Virtual Adapter
  7...84 a6 c8 bf f0 fa ......Microsoft Wi-Fi Direct Virtual Adapter
  4...5c f9 dd 50 69 ac ......Realtek PCIe FE Family Controller
  3...84 a6 c8 bf f0 f9 ......Intel® Centrino® Wireless-N 2230
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  3    281 fe80::/64                On-link
  3    281 fe80::2808:aeb5:4a03:ca3f/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

**** End of log ****
 



#5 deeprybka


Posted 30 March 2015 - 03:21 PM

How is the computer running now? :)
regards,
deeprybka

#6 quicklycrazy


Posted 30 March 2015 - 03:30 PM

Right this second it appears to be OK. No redirects, no underlined words with stupid deals, but I am not super excited...yet, at least. It acted fine again at one other point in my scans prior to help and then came back. Sooo...let me give it a bit and report back again?



#7 deeprybka


Posted 30 March 2015 - 03:44 PM

OK! :)

In the meanwhile:

Step 1

Please download and install Malwarebytes Anti-Malware. (NEW VERSION!)
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    [option shown as a screenshot in the original post]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].



Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [settings shown as a screenshot in the original post]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [path shown as an image in the original post]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#8 quicklycrazy


Posted 30 March 2015 - 03:52 PM

So delete my MBAM that I have now that has realtime protection? Interface looks the same.



#9 quicklycrazy


Posted 30 March 2015 - 06:40 PM

mbam log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/30/2015
Scan Time: 4:55:16 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.30.09
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Heather

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 630467
Time Elapsed: 36 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

----------------------------------------------------------------------------------

 

eset log

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3831695d414c8349b6596313aa966edf
# engine=23145
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-30 06:19:50
# local_time=2015-03-30 02:19:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 4692382 0 0
# scanned=70891
# found=7
# cleaned=0
# scan_time=3885
sh=15087CCA54DCBEAD06C36619A6F149241CA27873 ft=1 fh=c71c00111974b402 vn="Win32/AdWare.Adpeak.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Rr Savings\SendJson.dll.vir"
sh=22A3F74C8FA3BAF363B26F1CED92FA6E048F4A9E ft=1 fh=210043307b82281e vn="a variant of Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\del_64DLL_nsmE4E6.dll.vir"
sh=1CBE4131517EA02318B4E507FFBF2DC13C9C1640 ft=1 fh=c39ecf1f8dcb1733 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\del_DLL_nsmE4E6.dll.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=15087CCA54DCBEAD06C36619A6F149241CA27873 ft=1 fh=c71c00111974b402 vn="Win32/AdWare.Adpeak.H application" ac=I fn="C:\Program Files (x86)\Rr Savings\SendJson.dll"
sh=22A3F74C8FA3BAF363B26F1CED92FA6E048F4A9E ft=1 fh=210043307b82281e vn="a variant of Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\ProgramData\Wincert\del_64DLL_nsmE4E6.dll"
sh=1CBE4131517EA02318B4E507FFBF2DC13C9C1640 ft=1 fh=c39ecf1f8dcb1733 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\ProgramData\Wincert\del_DLL_nsmE4E6.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3831695d414c8349b6596313aa966edf
# engine=23157
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-30 11:32:05
# local_time=2015-03-30 07:32:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 4754317 0 0
# scanned=211170
# found=21
# cleaned=0
# scan_time=6192
sh=15087CCA54DCBEAD06C36619A6F149241CA27873 ft=1 fh=c71c00111974b402 vn="Win32/AdWare.Adpeak.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Rr Savings\SendJson.dll.vir"
sh=22A3F74C8FA3BAF363B26F1CED92FA6E048F4A9E ft=1 fh=210043307b82281e vn="a variant of Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\del_64DLL_nsmE4E6.dll.vir"
sh=1CBE4131517EA02318B4E507FFBF2DC13C9C1640 ft=1 fh=c39ecf1f8dcb1733 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\del_DLL_nsmE4E6.dll.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=15087CCA54DCBEAD06C36619A6F149241CA27873 ft=1 fh=c71c00111974b402 vn="Win32/AdWare.Adpeak.H application" ac=I fn="C:\Program Files (x86)\Rr Savings\SendJson.dll"
sh=22A3F74C8FA3BAF363B26F1CED92FA6E048F4A9E ft=1 fh=210043307b82281e vn="a variant of Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\ProgramData\Wincert\del_64DLL_nsmE4E6.dll"
sh=1CBE4131517EA02318B4E507FFBF2DC13C9C1640 ft=1 fh=c39ecf1f8dcb1733 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\ProgramData\Wincert\del_DLL_nsmE4E6.dll"
sh=22A3F74C8FA3BAF363B26F1CED92FA6E048F4A9E ft=1 fh=210043307b82281e vn="a variant of Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\Users\All Users\Wincert\del_64DLL_nsmE4E6.dll"
sh=1CBE4131517EA02318B4E507FFBF2DC13C9C1640 ft=1 fh=c39ecf1f8dcb1733 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\Users\All Users\Wincert\del_DLL_nsmE4E6.dll"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Media Player Classic Packages\uninstaller.exe"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Desktop\ccsetup326.exe"
sh=DF5019B4B4924376CA516089B75F414DD48453DA ft=1 fh=12e7a6e367cdf50a vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Heather\Downloads\cbsidlm-tr1_12-Belarc_Advisor-ORG-10007277.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Heather\Downloads\cbsidlm-tr1_13-DFX_Audio_Enhancer-SEO-10048113.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup328.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup400.exe"
sh=6FC49F18E5EEA977F6FC05D29FC8574543BE8895 ft=1 fh=a21aacd10f8a1fff vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup500pro (1).exe"
sh=6FC49F18E5EEA977F6FC05D29FC8574543BE8895 ft=1 fh=a21aacd10f8a1fff vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup500pro.exe"
sh=DBD6CD321F98F235991B05130B93DDBFE74AAEFD ft=1 fh=3a9dd407a9c5067b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\ccsetup504pro.exe"
sh=72323A6053DD3E217DA7D4281C34A72D62D5F2E4 ft=1 fh=62e83ceb5adbfbf2 vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Heather\Downloads\Media_Player_Classic(1).exe"
sh=72323A6053DD3E217DA7D4281C34A72D62D5F2E4 ft=1 fh=62e83ceb5adbfbf2 vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Heather\Downloads\Media_Player_Classic.exe"
sh=0FBB09D7CAD992CA9AE1281FD8030D3210994DD2 ft=1 fh=c9b8e6a4c9b87c95 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\Heather\Downloads\uTorrent-3.3.exe"
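
An added example (not part of the thread, and not ESET's or AdwCleaner's own code) that triages detection lines in the format of the log above: it groups hits by hash, folds `C:\Users\All Users` into `C:\ProgramData`, and flags files that sit in the AdwCleaner quarantine yet are also present at their original location, as `SendJson.dll` is in this log. Reading `sh` as a SHA-1, `vn` as the detection name and `fn` as the path, and the quarantine layout `<root>\<drive>\<original path>.vir`, are assumptions inferred from the log lines; the sample input is constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# key="quoted value" or key=bare-value pairs, as in the detection lines above.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
SHA1_RE = re.compile(r"[0-9A-Fa-f]{40}")

# Assumption taken from the paths in the log: AdwCleaner keeps quarantined
# copies under this root as <drive letter>\<original path>.vir
QUARANTINE_ROOT = PureWindowsPath(r"C:\AdwCleaner\Quarantine")
# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so a scanner that walks both reports the same file twice.
ALIASES = {PureWindowsPath(r"C:\Users\All Users"): PureWindowsPath(r"C:\ProgramData")}


def parse_detection(line):
    """Return sha1/name/path for a detection line, or None for '#' header lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    if not SHA1_RE.fullmatch(fields.get("sh", "")) or "fn" not in fields:
        return None
    return {"sha1": fields["sh"].upper(),
            "name": fields.get("vn", ""),
            "path": PureWindowsPath(fields["fn"])}


def _relative(path, root):
    """path relative to root (Windows rules, case-insensitive), or None."""
    try:
        return path.relative_to(root)
    except ValueError:
        return None


def canonical(path):
    """Rewrite known alias directories to their real location."""
    for alias, target in ALIASES.items():
        rel = _relative(path, alias)
        if rel is not None:
            return target / rel
    return path


def quarantine_origin(path):
    """None if path is not a quarantine copy, else the location it came from."""
    rel = _relative(path, QUARANTINE_ROOT)
    if rel is None:
        return None
    if len(rel.parts) < 2 or rel.suffix.lower() != ".vir":
        return path  # quarantined, but the origin cannot be derived
    drive, *rest = rel.parts
    return PureWindowsPath(drive + ":\\", *rest).with_suffix("")


def triage(log_text):
    """One report row per unique hash, in order of first appearance."""
    by_hash = defaultdict(lambda: {"name": "", "live": set(), "origins": set()})
    for line in log_text.splitlines():
        det = parse_detection(line)
        if det is None:
            continue
        entry = by_hash[det["sha1"]]
        entry["name"] = det["name"]
        path = canonical(det["path"])
        origin = quarantine_origin(path)
        if origin is None:
            entry["live"].add(path)
        else:
            entry["origins"].add(origin)
    return [{"sha1": sha1,
             "name": e["name"],
             "live": sorted(str(p) for p in e["live"]),
             "quarantined": bool(e["origins"]),
             # a quarantined copy exists, yet the file is (still or again) in place
             "still_at_origin": bool(e["live"] & e["origins"])}
            for sha1, e in by_hash.items()]


def _sample_line(sha1, name, path):
    return f'sh={sha1} ft=1 fh=0000000000000000 vn="{name}" ac=I fn="{path}"'


# Constructed sample: placeholder hashes and detection names, paths shaped like
# the ones in the log above.
SAMPLE_LOG = "\n".join([
    "# found=5",
    _sample_line("A" * 40, "Constructed/Adware.A application",
                 r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Rr Savings\SendJson.dll.vir"),
    _sample_line("A" * 40, "Constructed/Adware.A application",
                 r"C:\Program Files (x86)\Rr Savings\SendJson.dll"),
    _sample_line("B" * 40, "Constructed/Toolbar.B potentially unwanted application",
                 r"C:\ProgramData\Wincert\del_DLL_nsmE4E6.dll"),
    _sample_line("B" * 40, "Constructed/Toolbar.B potentially unwanted application",
                 r"C:\Users\All Users\Wincert\del_DLL_nsmE4E6.dll"),
    _sample_line("C" * 40, "Constructed/Pup.C potentially unwanted application",
                 r"C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"),
])

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        state = "STILL PRESENT" if row["still_at_origin"] else "ok"
        print(row["sha1"][:8], row["name"], row["live"], state)
```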
 



#10 deeprybka


Posted 31 March 2015 - 12:03 PM

Hi there,

Step 1

Please uninstall some programs:
  • Windows 8: Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.
  • Select Programs and Features from the menu.
  • Search and select the following programs one by one and click on Uninstall: Media Player Classic Packages
Step 2

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    "C:\Program Files (x86)\Rr Savings"
    "C:\ProgramData\Wincert"
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

Edited by deeprybka, 31 March 2015 - 12:04 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 quicklycrazy


Posted 31 March 2015 - 03:17 PM

All I see when I try uninstalling that program is this:

Attached File  Untitled.jpg   32.08KB   0 downloads



#12 deeprybka


Posted 31 March 2015 - 03:44 PM

Please set the checkbox and click close.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 quicklycrazy


Posted 31 March 2015 - 04:05 PM

OK, done.  Here's fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Heather at 2015-03-31 16:57:59 Run:2
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather & UpdatusUser (Available profiles: Heather & UpdatusUser & Chiara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
"C:\Program Files (x86)\Rr Savings"
"C:\ProgramData\Wincert"
EmptyTemp:
*****************

Processes closed successfully.
C:\Program Files (x86)\Rr Savings => Moved successfully.
C:\ProgramData\Wincert => Moved successfully.
EmptyTemp: => Removed 656.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:58:03 ====

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heather (administrator) on MINE on 31-03-2015 17:03:22
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather & UpdatusUser (Available profiles: Heather & UpdatusUser & Chiara)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
Failed to access process -> CAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Farbar) C:\Users\Heather\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-08-27] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Run: [DellSystemDetect] => C:\Users\Heather\AppData\Local\Apps\2.0\V9YA9KZK.K5Z\4KLORGEL.4NJ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-11] (Dell)
HKU\S-1-5-21-4207824641-2776632091-801553687-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
Startup: C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicyUsers\S-1-5-21-4207824641-2776632091-801553687-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4207824641-2776632091-801553687-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: [S-1-5-21-4207824641-2776632091-801553687-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {6D21BFE3-4AC6-4285-8DC1-3C9E3B3F2AE5} URL = http://search.findwide.com/serp?guid={8D3087A8-D893-4566-9715-3F3BC0A29D4F}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {710B9205-3055-40F0-BB08-084F93C27283} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {72E79FEC-909A-4D13-BC8B-4A73BBCF2165} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4207824641-2776632091-801553687-1001 -> {DA7A02CB-80DA-403A-8460-DA2C3CDF14E5} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-19] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-19] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\h2z2ppju.default-1427699787578
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\h2z2ppju.default-1427699787578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-30]

Chrome:
=======
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-24]
CHR Extension: (Google Docs) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-24]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-24]
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-24]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-24]
CHR Extension: (Google Sheets) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-24]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2015-03-30] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew01.sys [3354384 2015-01-06] (Intel Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 16:13 - 2015-03-31 16:13 - 00003404 _____ () C:\WINDOWS\System32\Tasks\{756FB332-C0DC-4B80-B212-3703D584DB6C}
2015-03-30 19:32 - 2015-03-30 19:32 - 00002458 _____ () C:\Users\Heather\Desktop\eset2.txt
2015-03-30 17:44 - 2015-03-30 17:44 - 02347384 _____ (ESET) C:\Users\Heather\Desktop\esetsmartinstaller_enu(1).exe
2015-03-30 17:35 - 2015-03-30 17:35 - 00001036 _____ () C:\Users\Heather\Desktop\mbam.txt
2015-03-30 16:06 - 2015-03-30 16:06 - 00009203 _____ () C:\Users\Heather\Desktop\Result.txt
2015-03-30 16:03 - 2015-03-30 16:03 - 00402944 _____ (Farbar) C:\Users\Heather\Desktop\MiniToolBox.exe
2015-03-30 15:01 - 2014-07-18 14:42 - 00026496 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\insugf64.exe
2015-03-30 03:53 - 2015-03-30 03:54 - 00043277 _____ () C:\Users\Heather\Desktop\Addition.txt
2015-03-30 03:52 - 2015-03-31 17:04 - 00023261 _____ () C:\Users\Heather\Desktop\FRST.txt
2015-03-30 03:45 - 2015-03-30 03:45 - 02095616 _____ (Farbar) C:\Users\Heather\Desktop\FRST64 (1).exe
2015-03-30 03:44 - 2015-03-30 03:44 - 02095616 _____ (Farbar) C:\Users\Heather\Downloads\FRST64.exe
2015-03-30 01:21 - 2015-03-30 01:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-30 01:17 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-30 01:17 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-30 01:11 - 2015-03-30 01:11 - 02347384 _____ (ESET) C:\Users\Heather\Downloads\esetsmartinstaller_enu.exe
2015-03-30 01:11 - 2015-03-30 01:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-29 21:07 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-29 21:07 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-29 21:06 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-29 21:06 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-29 20:30 - 2015-03-29 20:47 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Heather.job
2015-03-29 20:30 - 2015-03-29 20:30 - 00003604 _____ () C:\WINDOWS\System32\Tasks\Norton Security Scan for Heather
2015-03-29 20:29 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-29 20:29 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-29 20:29 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-29 20:29 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-29 20:29 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-29 20:29 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-29 20:12 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-29 20:12 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-29 20:12 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-29 20:12 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-29 20:11 - 2015-03-29 20:12 - 02967032 _____ (Malwarebytes ) C:\Users\Heather\Downloads\mbae-setup-1.05.1.1016.exe
2015-03-29 20:11 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-29 20:11 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-29 20:11 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-29 20:10 - 2015-03-29 20:10 - 00065232 _____ (Malwarebytes) C:\Users\Heather\Downloads\regassassin-setup-1.03.exe
2015-03-29 20:10 - 2015-03-29 20:10 - 00000000 ____D () C:\82acdb2eda0fa2c44e22bd
2015-03-29 20:08 - 2015-03-29 20:08 - 04909382 _____ () C:\Users\Heather\Desktop\mbam-chameleon-3.1.7.0(1).zip
2015-03-29 20:08 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-29 20:08 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-29 20:08 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-29 20:08 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-29 20:08 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-29 20:08 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-29 20:07 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-29 20:07 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-29 20:07 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-29 20:07 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-29 20:07 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-29 20:07 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-29 20:07 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-29 20:05 - 2015-03-29 20:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Heather\Downloads\mbar-1.09.1.1004.exe
2015-03-29 20:01 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-29 20:01 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-29 20:01 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-29 20:01 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-29 20:01 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-29 20:01 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-29 20:01 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-29 20:01 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-29 20:01 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-29 20:01 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-29 20:01 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-29 20:01 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-29 19:59 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-29 19:59 - 2015-01-29 23:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-29 19:59 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-29 19:59 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-29 19:36 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-29 19:36 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-29 19:36 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-29 19:36 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-29 19:35 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-29 19:35 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-29 19:35 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-29 19:35 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-29 13:58 - 2015-03-31 16:59 - 00539442 _____ () C:\WINDOWS\PFRO.log
2015-03-29 13:58 - 2015-03-31 16:59 - 00000693 _____ () C:\WINDOWS\setupact.log
2015-03-29 13:58 - 2015-03-29 13:58 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-29 06:41 - 2015-03-31 17:02 - 01551695 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-29 05:49 - 2014-12-11 19:36 - 00002120 _____ () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-03-29 05:43 - 2015-03-29 05:43 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-29 05:43 - 2015-03-29 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-29 05:42 - 2015-03-29 05:43 - 00000000 ____D () C:\Program Files\iTunes
2015-03-29 05:42 - 2015-03-29 05:42 - 00000000 ____D () C:\Program Files\iPod
2015-03-29 05:42 - 2015-03-29 05:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-29 05:37 - 2015-03-29 05:37 - 00880208 _____ (Google Inc.) C:\Users\Heather\Downloads\ChromeSetup.exe
2015-03-29 04:59 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-29 04:59 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-29 04:37 - 2015-03-29 04:40 - 05346704 _____ (Piriform Ltd) C:\Users\Heather\Downloads\ccsetup504pro.exe
2015-03-28 22:31 - 2015-03-28 22:32 - 00084277 _____ () C:\Users\Heather\Downloads\FRST.txt
2015-03-28 22:23 - 2015-03-28 22:23 - 00000706 _____ () C:\Users\Heather\Desktop\JRT.txt
2015-03-28 20:28 - 2015-03-29 07:44 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-28 20:28 - 2015-03-28 20:30 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-25 17:49 - 2015-03-29 13:58 - 00000000 ____D () C:\WINDOWS\Sun
2015-03-25 04:36 - 2015-03-25 04:36 - 04909382 _____ () C:\Users\Heather\Downloads\mbam-chameleon-3.1.7.0.zip
2015-03-25 04:35 - 2015-03-29 07:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-03-25 04:35 - 2015-03-28 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-25 03:43 - 2015-03-29 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-25 03:42 - 2015-03-29 23:28 - 00000000 ____D () C:\Users\Heather\Desktop\mbar
2015-03-25 01:08 - 2015-03-25 01:08 - 00007615 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2015-03-24 22:06 - 2015-03-28 21:55 - 00000000 ____D () C:\AdwCleaner
2015-03-24 22:00 - 2015-03-24 22:01 - 00041423 _____ () C:\Users\Heather\Downloads\Addition.txt
2015-03-24 21:59 - 2015-03-31 17:03 - 00000000 ____D () C:\FRST
2015-03-24 17:27 - 2015-03-24 17:27 - 51970048 _____ () C:\WINDOWS\system32\config\COMPONENTS.iobit
2015-03-24 17:05 - 2015-03-24 17:05 - 00000000 ____D () C:\Program Files\Java
2015-03-24 16:47 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-03-24 16:47 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-03-21 21:15 - 2015-03-21 21:15 - 05234688 _____ () C:\WINDOWS\system32\config\DRIVERS.iobit
2015-03-21 19:07 - 2015-03-21 19:07 - 00401408 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2015-03-21 19:07 - 2015-03-21 19:07 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-03-21 19:07 - 2015-03-21 19:07 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-03-21 19:06 - 2015-03-21 19:07 - 90669056 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2015-03-21 19:04 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-21 19:03 - 2015-03-29 07:48 - 00000000 ____D () C:\ProgramData\IObit
2015-03-21 19:03 - 2015-03-24 19:00 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\IObit
2015-03-21 19:03 - 2015-03-24 16:47 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-21 19:03 - 2015-03-21 19:03 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-03-21 19:03 - 2015-03-21 19:03 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-21 14:47 - 2015-03-21 15:22 - 00005535 _____ () C:\Users\Heather\Downloads\umbrella.log
2015-03-21 14:47 - 2015-03-21 15:22 - 00001930 _____ () C:\Users\Heather\umbrella0.log
2015-03-21 14:47 - 2015-03-21 14:47 - 00000000 ____D () C:\Users\Heather\.shsh
2015-03-21 12:27 - 2015-03-21 12:27 - 00000015 _____ () C:\Users\Heather\apple.txt
2015-03-21 11:41 - 2015-03-29 05:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-19 21:08 - 2015-03-24 16:40 - 00004369 _____ () C:\Users\Heather\Sti_Trace.log
2015-03-19 21:07 - 2015-03-19 21:09 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Epson
2015-03-19 20:59 - 2015-03-19 20:59 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Leadertech
2015-03-19 20:52 - 2015-03-19 20:52 - 00000000 ____D () C:\Program Files (x86)\epson
2015-03-19 20:51 - 2015-03-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-19 20:51 - 2015-03-19 20:52 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-03-19 20:51 - 2015-03-19 20:51 - 00000000 ____D () C:\Program Files\EpsonNet
2015-03-19 20:51 - 2015-03-19 20:51 - 00000000 ____D () C:\Program Files\EPSON
2015-03-19 19:48 - 2015-03-19 21:22 - 00000000 ____D () C:\Users\Heather\Desktop\check stubs
2015-03-19 19:31 - 2015-03-04 17:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-19 19:31 - 2015-03-04 17:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 22:31 - 2015-03-29 23:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-13 19:36 - 2015-03-31 16:09 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F67859B4-9425-4C5A-A49E-D08A71D29D67}
2015-03-13 19:35 - 2015-03-13 19:35 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2015-03-13 19:35 - 2015-03-13 19:35 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2015-03-13 19:35 - 2015-03-13 19:35 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieBrowserModeList
2015-03-13 18:51 - 2015-03-13 18:51 - 00000000 ____D () C:\Users\Heather\AppData\Local\Deployment
2015-03-13 17:44 - 2015-03-13 17:44 - 00001331 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-03-13 17:44 - 2015-03-13 17:44 - 00001319 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-03-13 17:39 - 2015-03-13 17:57 - 00000000 ____D () C:\Users\Heather\Desktop\New folder (3)
2015-03-11 10:55 - 2015-03-31 16:55 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {D40A601B-C86B-4794-9D35-02CD3DA773B9}.job
2015-03-11 10:55 - 2015-03-31 16:55 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {D40A601B-C86B-4794-9D35-02CD3DA773B9}.job
2015-03-11 10:55 - 2015-03-29 07:51 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-03-11 10:55 - 2015-03-11 10:55 - 00003960 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {D40A601B-C86B-4794-9D35-02CD3DA773B9}
2015-03-11 10:55 - 2015-03-11 10:55 - 00003774 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {D40A601B-C86B-4794-9D35-02CD3DA773B9}
2015-03-11 10:54 - 2015-03-29 05:33 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-11 10:54 - 2014-12-02 04:46 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLBE.DLL
2015-03-11 10:54 - 2014-12-02 04:46 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLBE.DLL
2015-03-11 10:54 - 2014-12-02 04:46 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2015-03-11 10:51 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 10:51 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 10:51 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 10:51 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 10:51 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 10:51 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 10:51 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 10:51 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 10:51 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 10:51 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 10:51 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 10:51 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 10:51 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 10:51 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 10:51 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 10:51 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 10:51 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 10:51 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 10:51 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 10:51 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 10:51 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 10:51 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 10:51 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 10:51 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 10:51 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 10:51 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 10:51 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 10:51 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 10:51 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 10:51 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 10:51 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 10:51 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 10:51 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 10:51 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 10:51 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 10:51 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 10:51 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 10:51 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 10:51 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 10:51 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 10:51 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 10:51 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 10:51 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-11 10:51 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-11 10:51 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-11 10:51 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-11 10:51 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-11 10:51 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-11 10:51 - 2014-11-09 19:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-11 10:51 - 2014-11-09 19:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-11 10:51 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-11 10:51 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-11 10:50 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 10:50 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 10:50 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 10:50 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 10:50 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 10:50 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 10:50 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 10:50 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 10:50 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 10:50 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 10:50 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 10:50 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 10:50 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 10:50 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 10:50 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 10:50 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 10:50 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 10:50 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 10:50 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 10:50 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 10:50 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-03-11 10:50 - 2014-10-28 22:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-11 10:50 - 2014-10-28 22:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-11 10:50 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-11 10:50 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-11 10:50 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-11 10:50 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-11 10:50 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-11 10:50 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-11 10:47 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 10:47 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 17:01 - 2015-01-28 21:06 - 00000000 ____D () C:\Users\Heather\OneDrive
2015-03-31 17:00 - 2014-07-31 03:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-31 17:00 - 2012-12-22 05:28 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 16:59 - 2015-01-28 20:16 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.dll
2015-03-31 16:59 - 2015-01-28 20:15 - 00029336 _____ () C:\WINDOWS\system32\wpbbin.exe
2015-03-31 16:59 - 2015-01-28 20:15 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.exe
2015-03-31 16:59 - 2015-01-28 20:15 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2015-03-31 16:59 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-31 16:59 - 2012-12-22 04:44 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2015-03-31 16:58 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-31 16:56 - 2014-12-11 19:37 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\ClassicShell
2015-03-31 16:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-31 16:43 - 2012-12-22 05:28 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 16:37 - 2012-12-23 14:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-31 16:09 - 2012-12-30 15:00 - 00000000 ____D () C:\Users\Heather\AppData\Local\Adobe
2015-03-30 16:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-30 16:00 - 2015-01-28 21:03 - 00000612 __RSH () C:\Users\Heather\ntuser.pol
2015-03-30 16:00 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Heather
2015-03-30 15:58 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-30 03:06 - 2014-11-21 04:44 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-30 02:59 - 2012-12-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-30 02:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-30 02:04 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-30 01:42 - 2012-12-22 04:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4207824641-2776632091-801553687-1001
2015-03-30 00:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-30 00:06 - 2014-07-31 03:04 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-29 23:58 - 2013-08-22 10:44 - 05103256 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-29 23:56 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\UpdatusUser.Mine
2015-03-29 23:54 - 2014-11-21 11:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-29 23:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-29 21:07 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-29 21:00 - 2012-12-22 05:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Chiara.Mine
2015-03-29 08:09 - 2015-01-28 20:19 - 00000000 ____D () C:\Program Files\IDT
2015-03-29 08:09 - 2014-11-27 20:54 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-03-29 08:09 - 2014-11-21 04:25 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-29 08:09 - 2014-11-21 04:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-29 08:09 - 2014-09-29 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-03-29 08:09 - 2014-05-09 21:22 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
2015-03-29 08:09 - 2013-12-16 05:08 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\DesktopTileResources
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\zh-HK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\uk-UA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\tr-TR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\th-TH
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sl-SI
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sk-SK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ro-RO
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Recovery
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ras
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\lv-LV
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\lt-LT
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InstallShield
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\hr-HR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\he-IL
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\et-EE
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Bthprops
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\bg-BG
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ar-SA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ras
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ias
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Bthprops
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system\Speech
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\addins
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-29 08:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\downlevel
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\downlevel
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-03-29 08:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-29 08:09 - 2013-04-08 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCR Media Formats
2015-03-29 08:09 - 2012-12-26 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-29 08:09 - 2012-12-22 23:27 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-03-29 08:09 - 2012-12-22 22:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-29 07:54 - 2015-01-28 21:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-03-29 07:54 - 2014-12-11 22:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-29 07:54 - 2014-12-11 22:29 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-29 07:54 - 2014-11-27 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-03-29 07:54 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Speech
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MsDtc
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Licenses
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-03-29 07:54 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\System
2015-03-29 07:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\SMI
2015-03-29 07:54 - 2013-01-27 18:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-03-29 07:54 - 2012-12-23 02:39 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dell
2015-03-29 07:53 - 2013-12-16 05:08 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NSSx64
2015-03-29 07:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-03-29 07:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Licenses
2015-03-29 07:53 - 2013-08-22 10:45 - 00000000 ____D () C:\WINDOWS\Setup
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\UpdatusUser.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:52 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:52 - 2014-12-12 01:43 - 00000000 ___RD () C:\Users\Heather\Creative Cloud Files
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\NVI2
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\NV3DVisionUSB.Driver
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\NV3DVision
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\MS.NET
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\HDAudio
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\GFExperience
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.Update
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.Optimus
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.NView
2015-03-29 07:52 - 2014-12-11 22:10 - 00000000 ____D () C:\Users\Heather\Desktop\Display.Driver
2015-03-29 07:52 - 2014-12-11 21:37 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 07:52 - 2013-12-16 04:53 - 00000000 ____D () C:\Users\Heather\AppData\Local\FreeVideoPlayer
2015-03-29 07:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Branding
2015-03-29 07:52 - 2013-04-24 19:14 - 00000000 ____D () C:\Users\Heather\AppData\Local\HP
2015-03-29 07:52 - 2013-04-20 22:58 - 00000000 ____D () C:\Users\Heather\Downloads\In.Bruges[2008]DvDrip-aXXo
2015-03-29 07:52 - 2013-04-05 13:50 - 00000000 ____D () C:\Users\Heather\AppData\Local\SwvUpdater
2015-03-29 07:52 - 2013-04-05 12:23 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Intel WiDi
2015-03-29 07:52 - 2013-04-05 12:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Intel
2015-03-29 07:52 - 2013-04-05 00:35 - 00000000 ____D () C:\Users\Heather\Downloads\Oz.the.Great.and.Powerful.2013.HDTS.XVID.AC3.HQ.Hive-CM8
2015-03-29 07:52 - 2013-04-04 21:16 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\uTorrent
2015-03-29 07:52 - 2012-12-22 05:19 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Thunderbird
2015-03-29 07:52 - 2012-12-22 04:45 - 00000000 ____D () C:\Users\Heather\AppData\Local\VirtualStore
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:52 - 2012-12-22 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:51 - 2015-02-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT
2015-03-29 07:51 - 2015-02-01 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-03-29 07:51 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-29 07:51 - 2015-01-28 20:26 - 00000000 ___RD () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:51 - 2015-01-28 20:26 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:51 - 2015-01-28 20:19 - 00000000 ____D () C:\Program Files\DellTPad
2015-03-29 07:51 - 2015-01-28 20:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-29 07:51 - 2014-12-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 07:51 - 2014-12-11 23:29 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-29 07:51 - 2014-12-11 23:28 - 00000000 ____D () C:\Program Files\My Dell
2015-03-29 07:51 - 2014-12-11 19:37 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-03-29 07:51 - 2014-12-11 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-03-29 07:51 - 2014-12-11 19:36 - 00000000 ____D () C:\Program Files\Classic Shell
2015-03-29 07:51 - 2014-12-11 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-29 07:51 - 2014-09-29 14:00 - 00000000 ____D () C:\Program Files\Recuva
2015-03-29 07:51 - 2014-07-31 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\tperFectcouuppOoN
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\hpbhddnlllomglndnajlgojofomigfob
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\DownloADuitkeep
2015-03-29 07:51 - 2014-01-30 09:27 - 00000000 ____D () C:\ProgramData\3b6b9379fcbda85e
2015-03-29 07:51 - 2013-12-16 05:08 - 00000000 ____D () C:\ProgramData\Norton
2015-03-29 07:51 - 2013-12-16 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2015-03-29 07:51 - 2013-10-14 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAVE Downloader
2015-03-29 07:51 - 2013-04-24 19:14 - 00000000 ____D () C:\ProgramData\Visan
2015-03-29 07:51 - 2013-04-24 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-29 07:51 - 2013-04-24 19:14 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2015-03-29 07:51 - 2013-04-08 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-29 07:51 - 2013-01-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-03-29 07:51 - 2013-01-21 19:12 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-03-29 07:51 - 2013-01-19 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-29 07:51 - 2013-01-19 19:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-29 07:51 - 2012-12-23 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-03-29 07:51 - 2012-12-22 22:53 - 00000000 ____D () C:\Users\Heather\AppData\Local\Akamai
2015-03-29 07:51 - 2012-12-22 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-29 07:51 - 2012-12-22 04:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-29 07:50 - 2015-02-01 18:42 - 00000000 ____D () C:\Program Files (x86)\Intel Driver Update Utility
2015-03-29 07:50 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-29 07:50 - 2014-07-31 03:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 07:50 - 2014-05-09 21:22 - 00000000 ____D () C:\Program Files (x86)\Essentials Codec Pack
2015-03-29 07:50 - 2014-05-09 21:21 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-29 07:50 - 2013-12-16 05:08 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2015-03-29 07:50 - 2013-12-16 05:08 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2015-03-29 07:50 - 2013-04-24 19:14 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2015-03-29 07:50 - 2013-04-08 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2015-03-29 07:50 - 2013-04-08 19:14 - 00000000 ____D () C:\Program Files (x86)\NCR Media Formats
2015-03-29 07:50 - 2013-04-08 19:14 - 00000000 ____D () C:\Program Files (x86)\NCR Label Formats for MS Word Setup
2015-03-29 07:50 - 2013-04-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-03-29 07:50 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-29 07:50 - 2013-01-19 19:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-29 07:50 - 2012-12-23 07:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-29 07:50 - 2012-12-23 00:21 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2015-03-29 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Vss
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2015-03-29 06:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-03-29 06:18 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-03-29 06:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\spp
2015-03-29 06:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\networklist
2015-03-29 06:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-03-29 06:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-03-29 06:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SystemResources
2015-03-29 06:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2015-03-29 06:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spp
2015-03-29 06:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-29 06:13 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-03-29 06:13 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Speech
2015-03-29 06:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\networklist
2015-03-29 06:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MsDtc
2015-03-29 06:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-03-29 06:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\InputMethod
2015-03-29 06:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-03-29 06:01 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\Configuration
2015-03-29 05:59 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Speech
2015-03-29 05:59 - 2012-12-22 04:42 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2015-03-29 05:58 - 2013-02-08 19:00 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2015-03-29 05:57 - 2014-11-21 04:25 - 00000000 ____D () C:\WINDOWS\SKB
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PLA
2015-03-29 05:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-03-29 05:48 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2015-03-29 05:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-29 05:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization
2015-03-29 05:45 - 2013-04-07 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-29 05:45 - 2012-12-26 05:19 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 05:45 - 2012-12-22 05:19 - 00002112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-29 05:45 - 2012-12-22 05:19 - 00002100 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-03-29 05:44 - 2013-04-01 23:33 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-29 05:44 - 2013-04-01 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-29 05:44 - 2013-04-01 23:33 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-29 05:42 - 2014-01-16 02:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-29 05:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-03-29 05:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\ADFS
2015-03-29 05:42 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-29 05:40 - 2015-02-01 22:03 - 00000000 ____D () C:\Users\Heather\Documents\TAXACT 2014
2015-03-29 05:40 - 2013-03-28 13:45 - 00000000 ____D () C:\Users\Heather\Documents\Fax
2015-03-29 05:39 - 2014-12-11 23:27 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\PCDr
2015-03-29 05:39 - 2013-03-30 22:34 - 00000000 ____D () C:\Users\Heather\Desktop\Adobe
2015-03-29 05:39 - 2013-03-28 13:01 - 00000000 ____D () C:\Users\Heather\Desktop\Adobe Photoshop CS6
2015-03-29 05:39 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-29 05:39 - 2013-01-27 18:23 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-29 05:39 - 2013-01-01 03:39 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Mozilla
2015-03-29 05:39 - 2012-12-22 23:25 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Intel
2015-03-29 05:39 - 2012-12-22 05:28 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-29 05:39 - 2012-12-22 04:48 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Macromedia
2015-03-29 05:39 - 2012-12-22 04:46 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Adobe
2015-03-29 05:38 - 2012-12-22 05:28 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-29 05:38 - 2012-12-22 05:28 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-29 05:38 - 2012-12-22 04:45 - 00000000 ____D () C:\Users\Heather\AppData\Local\Packages
2015-03-29 05:37 - 2013-01-27 18:22 - 00000000 ____D () C:\ProgramData\Apple
2015-03-29 05:37 - 2012-12-22 04:49 - 00000000 ____D () C:\Users\Heather\AppData\Local\Mozilla
2015-03-29 05:36 - 2015-02-01 22:03 - 00000000 ____D () C:\TaxACT
2015-03-29 05:36 - 2014-12-11 23:29 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-29 05:36 - 2014-12-10 19:33 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Roaming\Mozilla
2015-03-29 05:36 - 2014-12-10 19:33 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Local\Mozilla
2015-03-29 05:36 - 2014-12-10 19:24 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Roaming\Intel
2015-03-29 05:36 - 2014-12-10 19:24 - 00000000 ____D () C:\Users\Chiara.Mine\AppData\Local\Packages
2015-03-29 05:36 - 2013-12-16 05:09 - 00000000 ____D () C:\Users\Heather\AppData\Local\Mobogenie
2015-03-29 05:36 - 2013-12-16 05:08 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-29 05:36 - 2013-11-23 18:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 05:36 - 2013-09-30 22:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-29 05:36 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-03-29 05:36 - 2013-01-25 09:14 - 00000000 ____D () C:\Users\Heather\AppData\Local\Apps\2.0
2015-03-29 05:36 - 2012-12-22 05:28 - 00000000 ____D () C:\Users\Heather\AppData\Local\Google
2015-03-29 05:36 - 2012-12-22 04:41 - 00000000 ____D () C:\Users\Administrator
2015-03-29 05:35 - 2014-12-12 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-03-29 05:35 - 2014-12-11 19:20 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-29 05:35 - 2013-09-30 22:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-29 05:35 - 2012-12-22 04:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-29 05:33 - 2013-04-24 18:58 - 00000000 ____D () C:\ProgramData\HP
2015-03-29 05:33 - 2013-04-05 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 05:33 - 2013-01-27 18:23 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-29 05:33 - 2012-12-23 14:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-29 05:33 - 2012-12-23 07:16 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-29 05:33 - 2012-12-22 23:31 - 00000000 ____D () C:\ProgramData\Dell
2015-03-29 05:33 - 2012-12-22 23:22 - 00000000 ____D () C:\ProgramData\Intel
2015-03-29 05:32 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-29 05:32 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-03-29 05:32 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-29 05:29 - 2013-04-08 19:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-29 05:28 - 2012-12-22 23:24 - 00000000 ____D () C:\Program Files\Intel
2015-03-29 05:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 05:27 - 2013-04-24 19:14 - 00000000 ____D () C:\Program Files\HP
2015-03-29 05:27 - 2013-03-28 13:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-29 05:27 - 2012-12-22 23:31 - 00000000 ____D () C:\Program Files\Dell
2015-03-29 05:27 - 2012-12-22 04:54 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-03-29 05:25 - 2013-03-28 13:51 - 00000000 ____D () C:\Program Files\Adobe
2015-03-29 05:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-03-29 05:23 - 2015-01-28 23:08 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-29 05:23 - 2015-01-28 20:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 05:23 - 2014-12-12 00:02 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-03-29 05:23 - 2014-09-19 04:20 - 00000000 ____D () C:\Program Files (x86)\RockResult
2015-03-29 05:23 - 2012-12-22 23:23 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-29 05:22 - 2015-01-28 20:19 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-29 05:22 - 2013-04-24 18:55 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-29 05:22 - 2013-04-08 19:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-29 05:22 - 2012-12-22 23:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 05:21 - 2013-10-14 15:50 - 00000000 ____D () C:\Program Files (x86)\Convergys
2015-03-29 05:21 - 2013-04-24 18:55 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-29 05:21 - 2012-12-22 05:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-29 05:20 - 2015-02-01 18:53 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-29 05:19 - 2012-12-28 19:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-29 04:56 - 2012-12-26 05:19 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-29 04:00 - 2015-02-01 20:14 - 00000000 _____ () C:\Recovery.txt
2015-03-21 23:10 - 2013-01-27 18:24 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Apple Computer
2015-03-21 19:11 - 2015-01-28 23:14 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-21 17:18 - 2012-12-22 05:19 - 00000000 ____D () C:\Users\Heather\AppData\Local\Thunderbird
2015-03-19 21:11 - 2014-12-12 03:55 - 00000000 ____D () C:\Users\Heather\Desktop\christmas
2015-03-19 19:40 - 2012-12-23 14:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-13 22:31 - 2013-09-26 03:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-03 09:17 - 2014-12-11 21:20 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-25 01:08 - 2015-03-25 01:08 - 0007615 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2012-12-22 23:20 - 2012-12-22 23:22 - 0015872 _____ () C:\Users\Heather\AppData\Local\WiDiSetupLog.20121222.192043.txt
2012-12-22 23:31 - 2012-12-22 23:33 - 0025338 _____ () C:\Users\Heather\AppData\Local\WiDiSetupLog.20121222.193113.txt
2012-12-23 00:23 - 2012-12-23 00:25 - 0027588 _____ () C:\Users\Heather\AppData\Local\WiDiSetupLog.20121222.202359.txt
2013-04-24 19:14 - 2013-04-24 19:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-25 16:08 - 2013-01-17 18:09 - 0007680 _____ () C:\ProgramData\Z@!-030d8585-e30e-4ae5-b275-59206cb5a299.tmp
2013-11-25 16:12 - 2013-01-17 18:09 - 0007680 _____ () C:\ProgramData\Z@!-81030719-e458-4e7f-b787-81cfc1933dd9.tmp
2013-11-25 16:12 - 2013-01-17 18:09 - 0007168 _____ () C:\ProgramData\Z@S!-40a7073e-96bf-47bf-a8e2-8ff8f24ef30a.tmp
2013-11-25 16:08 - 2013-01-17 18:09 - 0007168 _____ () C:\ProgramData\Z@S!-95ec5bda-b5a7-49cb-9798-808710913bd9.tmp

Files to move or delete:
====================
C:\Users\Heather\7720A11.exe
C:\Users\Heather\Application_Intel_W78_A00_Setup-P41WG_ZPE.exe
C:\Users\Heather\Application_Intel_W7_A00_Setup-DF46Y_ZPE.exe
C:\Users\Heather\Application_Intel_W8_A01_Setup-V3DDH_ZPE.exe
C:\Users\Heather\Application_Intel_W8_A02_Setup-NPPC8_ZPE.exe
C:\Users\Heather\APP_Quickset_W7W8_A05_NY82X-Setup_ZPE.exe
C:\Users\Heather\App_TBTMonitor_W78_A00_Setup-X3CV1_ZPE.exe
C:\Users\Heather\Audio_IDT_W7W8_A02_3F35Y-Setup_ZPE.exe
C:\Users\Heather\CardReader_Realtek_W7_A00_Setup-MJND3_ZPE.exe
C:\Users\Heather\CardReader_Realtek_W8_A00_Setup-XP14R_ZPE.exe
C:\Users\Heather\Chipset_Intel_A00_Setup-C0G85_ZPE.exe
C:\Users\Heather\Chipset_Intel_A00_Setup-X685F_ZPE.exe
C:\Users\Heather\Chipset_Intel_W7_A01_Setup-JH8MG_ZPE.exe
C:\Users\Heather\Chipset_Intel_W8_A00_Setup-J6J56_ZPE.exe
C:\Users\Heather\DellDigitalDelivery.2.2.2000.0_Install_ZPE.exe
C:\Users\Heather\DellDigitalDelivery.Release.2.1.1000.0_ZPE.exe
C:\Users\Heather\Input_ALPS_W7_A01_Setup-R2GJ4_ZPE.exe
C:\Users\Heather\Input_ALPS_W8_A01_Setup-VWWPP_ZPE.exe
C:\Users\Heather\LOM_Realtek_W7_A01_Setup-64MJX_ZPE.exe
C:\Users\Heather\Network_Intel_BT_W84_A02_Setup-FMJWY_ZPE.exe
C:\Users\Heather\Network_Intel_W74_A01_Setup-3WV2F_ZPE.exe
C:\Users\Heather\Network_Intel_W84_A02_Setup-6YX1K_ZPE.exe
C:\Users\Heather\SATA_Intel_W8_A00_Setup-TVTKH_ZPE.exe
C:\Users\Heather\SATA_Intel_W8_A01_Setup-52H8F_ZPE.exe
C:\Users\Heather\Video_Intel_W74_A02_Setup-WP8X9_ZPE.exe
C:\Users\Heather\Video_Intel_W784_A02_Setup-HV148_ZPE.exe
C:\Users\Heather\Video_Nvidia_W78_64_A03_Setup_M3N33_ZPE.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-30 16:24

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Heather at 2015-03-31 17:04:37
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Dell Digital Delivery (HKLM-x32\...\{F91BF1B5-4213-440C-8539-C6EB2F1D1734}) (Version: 2.2.4000.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Product Detection (HKLM-x32\...\{879F7C80-BCA3-4A11-BDB1-658252ECD7E0}) (Version: 11.15.0005 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6426.0 - IDT)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NCR Label Formats for MS Word Setup (HKLM-x32\...\NCR Label Formats for MS Word Setup) (Version:  - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.1.16 - Symantec Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.32 - Dell Inc.)
RAVE Downloader (HKLM-x32\...\{480E1853-1801-491B-BD5E-92F554380574}) (Version: 1.2.0 - Convergys)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 1.02 - TaxACT, Inc.)
TaxACT 2014 New York (HKLM-x32\...\TaxACT 2014 New York) (Version: 1.0 - TaxACT, Inc.)
TaxACT 2014 Vermont (HKLM-x32\...\TaxACT 2014 Vermont) (Version: 1.0 - TaxACT, Inc.)
Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4207824641-2776632091-801553687-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4207824641-2776632091-801553687-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Heather\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207824641-2776632091-801553687-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Heather\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207824641-2776632091-801553687-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Heather\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207824641-2776632091-801553687-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Heather\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207824641-2776632091-801553687-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Heather\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-03-2015 17:42:50 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
19-03-2015 20:32:01 Windows Update
21-03-2015 13:07:24 avast! antivirus system restore point
24-03-2015 16:13:16 Windows Update
24-03-2015 19:41:32 Driver Booster : Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
28-03-2015 20:01:54 Windows Update
28-03-2015 23:20:21 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000407 ____A C:\WINDOWS\system32\Drivers\etc\hosts
loopback                 127

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {106583A5-018B-4B37-95A9-203E78E04D9B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {1621109D-5418-4D29-B63E-E561A1F4AC16} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {20441FD3-88B3-4CF0-A08C-3D390F63371B} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
Task: {30E33A02-1F31-4AE6-93F2-8D7FBB891891} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4649129F-1305-467C-BFAE-DB0C7F04F77C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {50A4E9FC-FCD5-49A0-B967-A6A4B2697F3C} - System32\Tasks\EPSON XP-310 Series Update {D40A601B-C86B-4794-9D35-02CD3DA773B9} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {54F8D3BC-DCCA-464F-9D18-6AC56F937A24} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {5F68B3CA-1374-4288-8AE4-6354B967F810} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-19] (Microsoft Corporation)
Task: {74F9E481-F170-4385-8761-5E10CEB3E99C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {78BDD71E-4809-47EB-A5E2-BC5659E9A4B9} - System32\Tasks\Norton Security Scan for Scott => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
Task: {7AD40627-C189-42F1-B579-F6C4DC850CDE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {7D45D807-36D5-4F67-8C8F-4340378E34F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated)
Task: {855BE102-DD03-403D-8DC1-D0DCC354E8D5} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hjohnson113@nycap.rr.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {A603468A-1589-41FC-ACA1-E22F0A0F4509} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A6F26B7B-4DAD-46F4-9D49-99C055AB4E88} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {AC57C648-5686-4775-9029-08FD9F9EF161} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B27FE278-D1C2-45C9-BC40-FFF23808F4BA} - System32\Tasks\Norton Security Scan for Heather => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
Task: {C01AF45B-27D4-4E54-AC70-A927C7EB7223} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {CC45DB28-7FC7-48D8-8F05-6EC38D5D196E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {CD14BB3B-3DCE-47E4-A146-24411ACB7360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {CDC65C11-9ED1-46B1-BAC2-BBC0F911230D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)
Task: {E3118645-D60F-4B3D-8B3B-F27C48A6970D} - System32\Tasks\EPSON XP-310 Series Invitation {D40A601B-C86B-4794-9D35-02CD3DA773B9} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {FACDEEC4-55E5-4789-9BA0-B0924AE272FC} - System32\Tasks\AdobeAAMUpdater-1.0-Mine-Scott => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {FADEA3E3-B226-4700-8CBA-6C8345ADB63A} - System32\Tasks\{756FB332-C0DC-4B80-B212-3703D584DB6C} => pcalua.exe -a "C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Media Player Classic Packages\uninstaller.exe" -c /Uninstall /NM="Media Player Classic Packages" /AN="0S1F1O2Z0S2Y1H1T" /MBN="Media Player Classic Packages"
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {D40A601B-C86B-4794-9D35-02CD3DA773B9}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {D40A601B-C86B-4794-9D35-02CD3DA773B9}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{D40A601B-C86B-4794-9D35-02CD3DA773B9} /F:UpdateWORKGROUP\MINE$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for Heather.job => C:\PROGRA~2\NORTON~1\Engine\401~1.16\Nss.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for Scott.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-18 15:42 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-12-22 04:53 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 04:19 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-19 19:47 - 2015-03-19 19:47 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-18 15:42 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-12-22 23:26 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Heather\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4207824641-2776632091-801553687-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
HKU\S-1-5-21-4207824641-2776632091-801553687-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-4207824641-2776632091-801553687-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

==================== Accounts: =============================

Administrator (S-1-5-21-4207824641-2776632091-801553687-500 - Administrator - Disabled)
Chiara (S-1-5-21-4207824641-2776632091-801553687-1006 - Limited - Enabled) => C:\Users\Chiara.Mine
Guest (S-1-5-21-4207824641-2776632091-801553687-501 - Limited - Disabled)
Heather (S-1-5-21-4207824641-2776632091-801553687-1001 - Administrator - Enabled) => C:\Users\Heather
UpdatusUser (S-1-5-21-4207824641-2776632091-801553687-1004 - Limited - Enabled) => C:\Users\UpdatusUser.Mine

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 04:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xd30
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (03/31/2015 04:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CAMService.exe, version: 1.0.0.1, time stamp: 0x54077d08
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5
Exception code: 0xc0000005
Fault offset: 0x0000000000039a5a
Faulting process id: 0x7a0
Faulting application start time: 0xCAMService.exe0
Faulting application path: CAMService.exe1
Faulting module path: CAMService.exe2
Report Id: CAMService.exe3
Faulting package full name: CAMService.exe4
Faulting package-relative application ID: CAMService.exe5

Error: (03/31/2015 04:53:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (03/31/2015 04:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uninstaller.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: uninstaller.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x000b93fc
Faulting process id: 0x1ee8
Faulting application start time: 0xuninstaller.exe0
Faulting application path: uninstaller.exe1
Faulting module path: uninstaller.exe2
Report Id: uninstaller.exe3
Faulting package full name: uninstaller.exe4
Faulting package-relative application ID: uninstaller.exe5

Error: (03/31/2015 04:15:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (03/31/2015 04:05:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 72517593

Error: (03/31/2015 04:05:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 72517593

Error: (03/31/2015 04:05:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2015 07:54:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bf8

Start Time: 01d06b4413ed9a95

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 07de45a9-d738-11e4-bf25-84a6c8bff0fd

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/30/2015 07:33:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (03/31/2015 05:01:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/31/2015 05:00:02 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/31/2015 04:59:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CAM Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/31/2015 04:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%3

Error: (03/31/2015 04:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (03/31/2015 04:58:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/31/2015 04:58:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/31/2015 04:58:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/31/2015 04:58:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/31/2015 04:58:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (03/31/2015 04:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fd3001d06bf595b93a54C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dlle2937604-d7e8-11e4-bf26-84a6c8bff0fd

Error: (03/31/2015 04:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CAMService.exe1.0.0.154077d08ntdll.dll6.3.9600.1766854c850f5c00000050000000000039a5a7a001d06bf58fceb72dC:\Program Files\Intel\CAM\bin\CAMService.exeC:\WINDOWS\SYSTEM32\ntdll.dlld939162c-d7e8-11e4-bf26-84a6c8bff0fd

Error: (03/31/2015 04:53:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/31/2015 04:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: uninstaller.exe0.0.0.02a425e19uninstaller.exe0.0.0.02a425e19c0000005000b93fc1ee801d06befe1430e0fC:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Media Player Classic Packages\uninstaller.exeC:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Media Player Classic Packages\uninstaller.exe1f309a68-d7e3-11e4-bf25-84a6c8bff0fd

Error: (03/31/2015 04:15:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (03/31/2015 04:05:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 72517593

Error: (03/31/2015 04:05:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 72517593

Error: (03/31/2015 04:05:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2015 07:54:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689bf801d06b4413ed9a954294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe07de45a9-d738-11e4-bf25-84a6c8bff0fdmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/30/2015 07:33:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2015-03-31 16:54:24.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:24.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:24.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:24.379
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:24.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:24.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:23.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:23.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:22.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 16:54:22.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8046.54 MB
Available physical RAM: 5671.02 MB
Total Pagefile: 9326.54 MB
Available Pagefile: 6856.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.93 GB) (Free:779.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E67B6C9C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 8792ABAD)

Partition: GPT Partition Type.

==================== End Of Log ============================



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:35 PM

Posted 01 April 2015 - 05:55 AM

That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or appreciate the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions:



Java 8 Update 31
 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:35 PM

Posted 04 April 2015 - 03:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



